Sample-Reports/ScubaResults_550fbc57-f602-4b40.json
|
{
"MetaData": { "TenantId": "27ecc021-87f7-4346-9682-b62bf3966808", "DisplayName": "tqhjy", "DomainName": "tqhjy.onmicrosoft.com", "ProductSuite": "Microsoft 365", "ProductsAssessed": [ "Azure Active Directory", "Microsoft 365 Defender", "Exchange Online", "Microsoft Power Platform", "SharePoint Online", "Microsoft Teams" ], "ProductAbbreviationMapping": { "Microsoft 365 Defender": "Defender", "SharePoint Online": "SharePoint", "Azure Active Directory": "AAD", "Microsoft Power Platform": "PowerPlatform", "Microsoft Teams": "Teams", "Exchange Online": "EXO" }, "Tool": "ScubaGear", "ToolVersion": "1.5.0", "TimestampZulu": "2024-12-18T15:40:27.138Z", "ReportUUID": "550fbc57-f602-4b40-bb9a-7ad30a157208" }, "Summary": { "AAD": { "Failures": 11, "Errors": 0, "Passes": 11, "Warnings": 3, "Manual": 5, "Omits": 0 }, "Defender": { "Failures": 3, "Errors": 0, "Passes": 10, "Warnings": 3, "Manual": 4, "Omits": 0 }, "EXO": { "Failures": 3, "Errors": 0, "Passes": 9, "Warnings": 2, "Manual": 27, "Omits": 0 }, "PowerPlatform": { "Failures": 0, "Errors": 0, "Passes": 6, "Warnings": 0, "Manual": 2, "Omits": 0 }, "SharePoint": { "Failures": 0, "Errors": 0, "Passes": 4, "Warnings": 0, "Manual": 5, "Omits": 0 }, "Teams": { "Failures": 0, "Errors": 0, "Passes": 15, "Warnings": 0, "Manual": 6, "Omits": 0 } }, "Results": { "AAD": [ { "GroupName": "Legacy Authentication", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#1-legacy-authentication", "Controls": [ { "Control ID": "MS.AAD.1.1v1", "Requirement": "Legacy authentication SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "1 conditional access policy(s) found that meet(s) all requirements: MS.AAD.1.1v1 Legacy authentication SHALL be blocked. " } ] }, { "GroupName": "Risk Based Policies", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#2-risk-based-policies", "Controls": [ { "Control ID": "MS.AAD.2.1v1", "Requirement": "Users detected as high risk SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "1 conditional access policy(s) found that meet(s) all requirements: MS.AAD.2.1v1 Users detected as high risk SHALL be blocked. " }, { "Control ID": "MS.AAD.2.2v1", "Requirement": "A notification SHOULD be sent to the administrator when high-risk users are detected.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#msaad22v1 for instructions on manual check" }, { "Control ID": "MS.AAD.2.3v1", "Requirement": "Sign-ins detected as high risk SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "1 conditional access policy(s) found that meet(s) all requirements: MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked. " } ] }, { "GroupName": "Strong Authentication and a Secure Registration Process", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#3-strong-authentication-and-a-secure-registration-process", "Controls": [ { "Control ID": "MS.AAD.3.1v1", "Requirement": "Phishing-resistant MFA SHALL be enforced for all users.", "Result": "Fail", "Criticality": "Shall", "Details": "0 conditional access policy(s) found that meet(s) all requirements. " }, { "Control ID": "MS.AAD.3.2v1", "Requirement": "If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users.", "Result": "Pass", "Criticality": "Shall", "Details": "1 conditional access policy(s) found that meet(s) all requirements: MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users. " }, { "Control ID": "MS.AAD.3.3v1", "Requirement": "If phishing-resistant MFA has not been enforced and Microsoft Authenticator is enabled, it SHALL be configured to show login context information.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.AAD.3.4v1", "Requirement": "The Authentication Methods Manage Migration feature SHALL be set to Migration Complete.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" }, { "Control ID": "MS.AAD.3.5v1", "Requirement": "The authentication methods SMS, Voice Call, and Email One-Time Passcode (OTP) SHALL be disabled.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if the tenant has their Manage Migration feature set to Migration Complete. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#msaad34v1 for more info" }, { "Control ID": "MS.AAD.3.6v1", "Requirement": "Phishing-resistant MFA SHALL be required for highly privileged roles.", "Result": "Fail", "Criticality": "Shall", "Details": "0 conditional access policy(s) found that meet(s) all requirements. " }, { "Control ID": "MS.AAD.3.7v1", "Requirement": "Managed devices SHOULD be required for authentication.", "Result": "Warning", "Criticality": "Should", "Details": "0 conditional access policy(s) found that meet(s) all requirements. " }, { "Control ID": "MS.AAD.3.8v1", "Requirement": "Managed Devices SHOULD be required to register MFA.", "Result": "Warning", "Criticality": "Should", "Details": "0 conditional access policy(s) found that meet(s) all requirements. " } ] }, { "GroupName": "Centralized Log Collection", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#4-centralized-log-collection", "Controls": [ { "Control ID": "MS.AAD.4.1v1", "Requirement": "Security logs SHALL be sent to the agency's security operations center for monitoring.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#msaad41v1 for instructions on manual check" } ] }, { "GroupName": "Application Registration and Consent", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#5-application-registration-and-consent", "Controls": [ { "Control ID": "MS.AAD.5.1v1", "Requirement": "Only administrators SHALL be allowed to register applications.", "Result": "Pass", "Criticality": "Shall", "Details": "0 authorization policies found that allow non-admin users to register third-party applications" }, { "Control ID": "MS.AAD.5.2v1", "Requirement": "Only administrators SHALL be allowed to consent to applications.", "Result": "Fail", "Criticality": "Shall", "Details": "1 authorization policies found that allow non-admin users to consent to third-party applications: authorizationPolicy" }, { "Control ID": "MS.AAD.5.3v1", "Requirement": "An admin consent workflow SHALL be configured for applications.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" }, { "Control ID": "MS.AAD.5.4v1", "Requirement": "Group owners SHALL NOT be allowed to consent to applications.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This configuration setting has been deprecated and we are in the process of removing it from the baseline." } ] }, { "GroupName": "Passwords", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#6-passwords", "Controls": [ { "Control ID": "MS.AAD.6.1v1", "Requirement": "User passwords SHALL NOT expire.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" } ] }, { "GroupName": "Highly Privileged User Access", "GroupNumber": "7", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#7-highly-privileged-user-access", "Controls": [ { "Control ID": "MS.AAD.7.1v1", "Requirement": "A minimum of two users and a maximum of eight users SHALL be provisioned with the Global Administrator role.", "Result": "Pass", "Criticality": "Shall", "Details": "2 global admin(s) found: Jane Doe, John Public" }, { "Control ID": "MS.AAD.7.2v1", "Requirement": "Privileged users SHALL be provisioned with finer-grained roles instead of Global Administrator.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met: Least Privilege Score = 2 (should be 1 or less)" }, { "Control ID": "MS.AAD.7.3v1", "Requirement": "Privileged users SHALL be provisioned cloud-only accounts separate from an on-premises directory or other federated identity providers.", "Result": "Pass", "Criticality": "Shall", "Details": "0 admin(s) that are not cloud-only found" }, { "Control ID": "MS.AAD.7.4v1", "Requirement": "Permanent active role assignments SHALL NOT be allowed for highly privileged roles.", "Result": "Fail", "Criticality": "Shall", "Details": "6 role(s) that contain users with permanent active assignment: Application Administrator, Exchange Administrator, Global Administrator, Privileged Role Administrator, SharePoint Administrator, User Administrator" }, { "Control ID": "MS.AAD.7.5v1", "Requirement": "Provisioning users to highly privileged roles SHALL NOT occur outside of a PAM system.", "Result": "Fail", "Criticality": "Shall", "Details": "4 role(s) assigned to users outside of PIM: Global Administrator, Privileged Role Administrator, SharePoint Administrator, User Administrator" }, { "Control ID": "MS.AAD.7.6v1", "Requirement": "Activation of the Global Administrator role SHALL require approval.", "Result": "Fail", "Criticality": "Shall", "Details": "1 role(s) or group(s) allowing activation without approval found: Global Administrator(Directory Role)" }, { "Control ID": "MS.AAD.7.7v1", "Requirement": "Eligible and Active highly privileged role assignments SHALL trigger an alert.", "Result": "Fail", "Criticality": "Shall", "Details": "6 role(s) or group(s) without notification e-mail configured for role assignments found: Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Global Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)" }, { "Control ID": "MS.AAD.7.8v1", "Requirement": "User activation of the Global Administrator role SHALL trigger an alert.", "Result": "Pass", "Criticality": "Shall", "Details": "0 role(s) or group(s) without notification e-mail configured for Global Administrator activations found" }, { "Control ID": "MS.AAD.7.9v1", "Requirement": "User activation of other highly privileged roles SHOULD trigger an alert.", "Result": "Warning", "Criticality": "Should", "Details": "5 role(s) or group(s) without notification e-mail configured for role activations found: Cloud Application Administrator(Directory Role), Exchange Administrator(Directory Role), Hybrid Identity Administrator(Directory Role), Privileged Role Administrator(Directory Role), SharePoint Administrator(Directory Role)" } ] }, { "GroupName": "Guest User Access", "GroupNumber": "8", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#8-guest-user-access", "Controls": [ { "Control ID": "MS.AAD.8.1v1", "Requirement": "Guest users SHOULD have limited or restricted access to Microsoft Entra ID directory objects.", "Result": "Pass", "Criticality": "Should", "Details": "Permission level set to \"Limited access\" (authorizationPolicy)" }, { "Control ID": "MS.AAD.8.2v1", "Requirement": "Only users with the Guest Inviter role SHOULD be able to invite guest users.", "Result": "Pass", "Criticality": "Should", "Details": "Permission level set to \"adminsAndGuestInviters\" (authorizationPolicy)" }, { "Control ID": "MS.AAD.8.3v1", "Requirement": "Guest invites SHOULD only be allowed to specific external domains that have been authorized by the agency for legitimate business purposes.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/aad.md#msaad83v1 for instructions on manual check" } ] } ], "Defender": [ { "GroupName": "Preset Security Profiles", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#1-preset-security-profiles", "Controls": [ { "Control ID": "MS.DEFENDER.1.1v1", "Requirement": "The standard and strict preset security policies SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.2v1", "Requirement": "All users SHALL be added to Exchange Online Protection (EOP) in either the standard or strict preset security policy.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.3v1", "Requirement": "All users SHALL be added to Defender for Office 365 protection in either the standard or strict preset security policy.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.1.4v1", "Requirement": "Sensitive accounts SHALL be added to Exchange Online Protection in the strict preset security policy.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" }, { "Control ID": "MS.DEFENDER.1.5v1", "Requirement": "Sensitive accounts SHALL be added to Defender for Office 365 protection in the strict preset security policy.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met" } ] }, { "GroupName": "Impersonation Protection", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#2-impersonation-protection", "Controls": [ { "Control ID": "MS.DEFENDER.2.1v1", "Requirement": "User impersonation protection SHOULD be enabled for sensitive accounts in both the standard and strict preset policies.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.2.2v1", "Requirement": "Domain impersonation protection SHOULD be enabled for domains owned by the agency in both the standard and strict preset policies.", "Result": "Warning", "Criticality": "Should", "Details": "Not all agency domains are included for targeted protection in Strict or Standard policy." }, { "Control ID": "MS.DEFENDER.2.3v1", "Requirement": "Domain impersonation protection SHOULD be added for important partners in both the standard and strict preset policies.", "Result": "Warning", "Criticality": "Should", "Details": "Not all partner domains are included for targeted protection in Strict or Standard policy." } ] }, { "GroupName": "Safe Attachments", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#3-safe-attachments", "Controls": [ { "Control ID": "MS.DEFENDER.3.1v1", "Requirement": "Safe attachments SHOULD be enabled for SharePoint, OneDrive, and Microsoft Teams.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#4-data-loss-prevention", "Controls": [ { "Control ID": "MS.DEFENDER.4.1v2", "Requirement": "A custom policy SHALL be configured to protect PII and sensitive information, as defined by the agency, blocking at a minimum: credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN).", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.2v1", "Requirement": "The custom policy SHOULD be applied to Exchange, OneDrive, SharePoint, Teams chat, and Devices.", "Result": "Warning", "Criticality": "Should", "Details": "DLP custom policy applied to the following locations: Exchange, OneDrive, SharePoint, Teams. Custom policy protecting sensitive info types NOT applied to: Devices. Devices location requires DLP for Endpoint licensing and at least one registered device. For full policy details, see the ActualValue field in the results file: ./TestResults.json" }, { "Control ID": "MS.DEFENDER.4.3v1", "Requirement": "The action for the custom policy SHOULD be set to block sharing sensitive information with everyone.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.4v1", "Requirement": "Notifications to inform users and help educate them on the proper use of sensitive information SHOULD be enabled in the custom policy.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.4.5v1", "Requirement": "A list of apps that are restricted from accessing files protected by DLP policy SHOULD be defined.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender45v1 for instructions on manual check" }, { "Control ID": "MS.DEFENDER.4.6v1", "Requirement": "The custom policy SHOULD include an action to block access to sensitive information by restricted apps and unwanted Bluetooth applications.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender46v1 for instructions on manual check" } ] }, { "GroupName": "Alerts", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#5-alerts", "Controls": [ { "Control ID": "MS.DEFENDER.5.1v1", "Requirement": "At a minimum, the alerts required by the CISA M365 Secure Configuration Baseline for Exchange Online SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.5.2v1", "Requirement": "The alerts SHOULD be sent to a monitored address or incorporated into a Security Information and Event Management (SIEM).", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender52v1 for instructions on manual check" } ] }, { "GroupName": "Audit Logging", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#6-audit-logging", "Controls": [ { "Control ID": "MS.DEFENDER.6.1v1", "Requirement": "Microsoft Purview Audit (Standard) logging SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.DEFENDER.6.2v1", "Requirement": "Microsoft Purview Audit (Premium) logging SHALL be enabled for ALL users.", "Result": "Fail", "Criticality": "Shall", "Details": "Requirement not met. 81 tenant users without M365 Advanced Auditing feature assigned. To review and assign users the Microsoft 365 Advanced Auditing feature, see Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender62v1. To get a list of all users without the license feature run the following: Get-MgBetaUser -Filter \"not assignedPlans/any(a:a/servicePlanId eq 2f442157-a11c-46b9-ae5b-6e39ff4e5849 and a/capabilityStatus eq 'Enabled')\" -ConsistencyLevel eventual -Count UserCount -All | Select-Object DisplayName,UserPrincipalName" }, { "Control ID": "MS.DEFENDER.6.3v1", "Requirement": "Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/defender.md#msdefender63v1 for instructions on manual check" } ] } ], "EXO": [ { "GroupName": "Automatic Forwarding to External Domains", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#1-automatic-forwarding-to-external-domains", "Controls": [ { "Control ID": "MS.EXO.1.1v1", "Requirement": "Automatic forwarding to external domains SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Sender Policy Framework", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#2-sender-policy-framework", "Controls": [ { "Control ID": "MS.EXO.2.2v2", "Requirement": "An SPF policy SHALL be published for each domain that fails all non-approved senders.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "DomainKeys Identified Mail", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#3-domainkeys-identified-mail", "Controls": [ { "Control ID": "MS.EXO.3.1v1", "Requirement": "DKIM SHOULD be enabled for all domains.", "Result": "Warning", "Criticality": "Should", "Details": "1 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com" } ] }, { "GroupName": "Domain-Based Message Authentication, Reporting, and Conformance (DMARC)", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#4-domain-based-message-authentication,-reporting,-and-conformance-(dmarc)", "Controls": [ { "Control ID": "MS.EXO.4.1v1", "Requirement": "A DMARC policy SHALL be published for every second-level domain.", "Result": "Fail", "Criticality": "Shall", "Details": "2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.2v1", "Requirement": "The DMARC message rejection option SHALL be p=reject.", "Result": "Fail", "Criticality": "Shall", "Details": "2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.3v1", "Requirement": "The DMARC point of contact for aggregate reports SHALL include `reports@dmarc.cyber.dhs.gov`.", "Result": "Fail", "Criticality": "Shall", "Details": "2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com" }, { "Control ID": "MS.EXO.4.4v1", "Requirement": "An agency point of contact SHOULD be included for aggregate and failure reports.", "Result": "Warning", "Criticality": "Should", "Details": "2 agency domain(s) found in violation: tqhjy.mail.onmicrosoft.com, tqhjy.onmicrosoft.com" } ] }, { "GroupName": "Simple Mail Transfer Protocol Authentication", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#5-simple-mail-transfer-protocol-authentication", "Controls": [ { "Control ID": "MS.EXO.5.1v1", "Requirement": "SMTP AUTH SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Calendar and Contact Sharing", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#6-calendar-and-contact-sharing", "Controls": [ { "Control ID": "MS.EXO.6.1v1", "Requirement": "Contact folders SHALL NOT be shared with all domains.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.EXO.6.2v1", "Requirement": "Calendar details SHALL NOT be shared with all domains.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "External Sender Warnings", "GroupNumber": "7", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#7-external-sender-warnings", "Controls": [ { "Control ID": "MS.EXO.7.1v1", "Requirement": "External sender warnings SHALL be implemented.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention Solutions", "GroupNumber": "8", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#8-data-loss-prevention-solutions", "Controls": [ { "Control ID": "MS.EXO.8.1v2", "Requirement": "A DLP solution SHALL be used.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo81v2 for instructions on a manual check." }, { "Control ID": "MS.EXO.8.2v2", "Requirement": "The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo82v2 for instructions on a manual check." }, { "Control ID": "MS.EXO.8.3v1", "Requirement": "The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo83v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.8.4v1", "Requirement": "At a minimum, the DLP solution SHALL restrict sharing credit card numbers, U.S. Individual Taxpayer Identification Numbers (ITIN), and U.S. Social Security numbers (SSN) via email.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo84v1 for instructions on a manual check." } ] }, { "GroupName": "Attachment File Type", "GroupNumber": "9", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#9-attachment-file-type", "Controls": [ { "Control ID": "MS.EXO.9.1v2", "Requirement": "Emails SHALL be filtered by attachment file types.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo91v2 for instructions on a manual check." }, { "Control ID": "MS.EXO.9.2v1", "Requirement": "The attachment filter SHOULD attempt to determine the true file type and assess the file extension.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo92v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.9.3v2", "Requirement": "Disallowed file types SHALL be determined and enforced.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo93v2 for instructions on a manual check." }, { "Control ID": "MS.EXO.9.4v1", "Requirement": "Alternatively chosen filtering solutions SHOULD offer services comparable to Microsoft Defender's Common Attachment Filter.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo94v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.9.5v1", "Requirement": "At a minimum, click-to-run files SHOULD be blocked (e.g., .exe, .cmd, and .vbe).", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo95v1 for instructions on a manual check." } ] }, { "GroupName": "Malware Scanning", "GroupNumber": "10", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#10-malware-scanning", "Controls": [ { "Control ID": "MS.EXO.10.1v1", "Requirement": "Emails SHALL be scanned for malware.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo101v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.10.2v1", "Requirement": "Emails identified as containing malware SHALL be quarantined or dropped.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo102v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.10.3v1", "Requirement": "Email scanning SHALL be capable of reviewing emails after delivery.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo103v1 for instructions on a manual check." } ] }, { "GroupName": "Phishing Protections", "GroupNumber": "11", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#11-phishing-protections", "Controls": [ { "Control ID": "MS.EXO.11.1v1", "Requirement": "Impersonation protection checks SHOULD be used.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo111v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.11.2v1", "Requirement": "User warnings, comparable to the user safety tips included with EOP, SHOULD be displayed.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo112v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.11.3v1", "Requirement": "The phishing protection solution SHOULD include an AI-based phishing detection tool comparable to EOP Mailbox Intelligence.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo113v1 for instructions on a manual check." } ] }, { "GroupName": "IP Allow Lists", "GroupNumber": "12", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#12-ip-allow-lists", "Controls": [ { "Control ID": "MS.EXO.12.1v1", "Requirement": "IP allow lists SHOULD NOT be created.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.EXO.12.2v1", "Requirement": "Safe lists SHOULD NOT be enabled.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Mailbox Auditing", "GroupNumber": "13", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#13-mailbox-auditing", "Controls": [ { "Control ID": "MS.EXO.13.1v1", "Requirement": "Mailbox auditing SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Inbound Anti-Spam Protections", "GroupNumber": "14", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#14-inbound-anti-spam-protections", "Controls": [ { "Control ID": "MS.EXO.14.1v2", "Requirement": "A spam filter SHALL be enabled.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo141v2 for instructions on a manual check." }, { "Control ID": "MS.EXO.14.2v1", "Requirement": "Spam and high confidence spam SHALL be moved to either the junk email folder or the quarantine folder.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo142v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.14.3v1", "Requirement": "Allowed domains SHALL NOT be added to inbound anti-spam protection policies.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo143v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.14.4v1", "Requirement": "If a third-party party filtering solution is used, the solution SHOULD offer services comparable to the native spam filtering offered by Microsoft.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo144v1 for instructions on a manual check." } ] }, { "GroupName": "Link Protection", "GroupNumber": "15", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#15-link-protection", "Controls": [ { "Control ID": "MS.EXO.15.1v1", "Requirement": "URL comparison with a block-list SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo151v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.15.2v1", "Requirement": "Direct download links SHOULD be scanned for malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo152v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.15.3v1", "Requirement": "User click tracking SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo153v1 for instructions on a manual check." } ] }, { "GroupName": "Alerts", "GroupNumber": "16", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#16-alerts", "Controls": [ { "Control ID": "MS.EXO.16.1v1", "Requirement": "At a minimum, the following alerts SHALL be enabled: a. Suspicious email sending patterns detected. b. Suspicious Connector Activity. c. Suspicious Email Forwarding Activity. d. Messages have been delayed. e. Tenant restricted from sending unprovisioned email. f. Tenant restricted from sending email. g. A potentially malicious URL click was detected. ", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo161v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.16.2v1", "Requirement": "The alerts SHOULD be sent to a monitored address or incorporated into a security information and event management (SIEM) system.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo162v1 for instructions on a manual check." } ] }, { "GroupName": "Audit Logging", "GroupNumber": "17", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#17-audit-logging", "Controls": [ { "Control ID": "MS.EXO.17.1v1", "Requirement": "Microsoft Purview Audit (Standard) logging SHALL be enabled.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo171v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.17.2v1", "Requirement": "Microsoft Purview Audit (Premium) logging SHALL be enabled.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo172v1 for instructions on a manual check." }, { "Control ID": "MS.EXO.17.3v1", "Requirement": "Audit logs SHALL be maintained for at least the minimum duration dictated by OMB M-21-31 (Appendix C).", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/exo.md#msexo173v1 for instructions on a manual check." } ] } ], "PowerPlatform": [ { "GroupName": "Creation of Power Platform Environments", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#1-creation-of-power-platform-environments", "Controls": [ { "Control ID": "MS.POWERPLATFORM.1.1v1", "Requirement": "The ability to create production and sandbox environments SHALL be restricted to admins.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.POWERPLATFORM.1.2v1", "Requirement": "The ability to create trial environments SHALL be restricted to admins.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Power Platform Data Loss Prevention Policies", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#2-power-platform-data-loss-prevention-policies", "Controls": [ { "Control ID": "MS.POWERPLATFORM.2.1v1", "Requirement": "A DLP policy SHALL be created to restrict connector access in the default Power Platform environment.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.POWERPLATFORM.2.2v1", "Requirement": "Non-default environments SHOULD have at least one DLP policy affecting them.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Power Platform Tenant Isolation", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#3-power-platform-tenant-isolation", "Controls": [ { "Control ID": "MS.POWERPLATFORM.3.1v1", "Requirement": "Power Platform tenant isolation SHALL be enabled.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.POWERPLATFORM.3.2v1", "Requirement": "An inbound/outbound connection allowlist SHOULD be configured.", "Result": "N/A", "Criticality": "Should/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform32v1 for instructions on manual check" } ] }, { "GroupName": "Power Apps Content Security Policy", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#4-power-apps-content-security-policy", "Controls": [ { "Control ID": "MS.POWERPLATFORM.4.1v1", "Requirement": "Content Security Policy (CSP) SHALL be enforced for model-driven and canvas Power Apps.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This product does not currently have the capability to check compliance for this policy. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#mspowerplatform41v1 for instructions on manual check" } ] }, { "GroupName": "Power Pages Creation", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/powerplatform.md#5-power-pages-creation", "Controls": [ { "Control ID": "MS.POWERPLATFORM.5.1v1", "Requirement": "The ability to create Power Pages sites SHOULD be restricted to admins.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] } ], "SharePoint": [ { "GroupName": "External Sharing", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/sharepoint.md#1-external-sharing", "Controls": [ { "Control ID": "MS.SHAREPOINT.1.1v1", "Requirement": "External sharing for SharePoint SHALL be limited to Existing guests or Only people in your organization.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.SHAREPOINT.1.2v1", "Requirement": "External sharing for OneDrive SHALL be limited to Existing guests or Only people in your organization.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.SHAREPOINT.1.3v1", "Requirement": "External sharing SHALL be restricted to approved external domains and/or users in approved security groups per interagency collaboration needs.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if the external sharing slider on the admin page is not set to Only People In Your Organization. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint13v1 for more info" }, { "Control ID": "MS.SHAREPOINT.1.4v1", "Requirement": "Guest access SHALL be limited to the email the invitation was sent to.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This configuration setting has been deprecated and we are in the process of removing it from the baseline." } ] }, { "GroupName": "File and Folder Default Sharing Settings", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/sharepoint.md#2-file-and-folder-default-sharing-settings", "Controls": [ { "Control ID": "MS.SHAREPOINT.2.1v1", "Requirement": "File and folder default sharing scope SHALL be set to Specific people (only the people the user specifies).", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.SHAREPOINT.2.2v1", "Requirement": "File and folder default sharing permissions SHALL be set to View.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Securing Anyone Links and Verification Code Users", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/sharepoint.md#3-securing-anyone-links-and-verification-code-users", "Controls": [ { "Control ID": "MS.SHAREPOINT.3.1v1", "Requirement": "Expiration days for Anyone links SHALL be set to 30 days or less.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if the external sharing slider on the admin page is set to Anyone. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint31v1 for more info" }, { "Control ID": "MS.SHAREPOINT.3.2v1", "Requirement": "The allowable file and folder permissions for links SHALL be set to View only.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if the external sharing slider on the admin page is set to Anyone. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint32v1 for more info" }, { "Control ID": "MS.SHAREPOINT.3.3v1", "Requirement": "Reauthentication days for people who use a verification code SHALL be set to 30 days or less.", "Result": "N/A", "Criticality": "Shall/Not-Implemented", "Details": "This policy is only applicable if the external sharing slider on the admin page is set to Anyone or New and Existing Guests. See Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/sharepoint.md#mssharepoint33v1 for more info" } ] } ], "Teams": [ { "GroupName": "Meeting Policies", "GroupNumber": "1", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#1-meeting-policies", "Controls": [ { "Control ID": "MS.TEAMS.1.1v1", "Requirement": "External meeting participants SHOULD NOT be enabled to request control of shared desktops or windows.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.2v1", "Requirement": "Anonymous users SHALL NOT be enabled to start meetings.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.3v1", "Requirement": "Anonymous users and dial-in callers SHOULD NOT be admitted automatically.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.4v1", "Requirement": "Internal users SHOULD be admitted automatically.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.5v1", "Requirement": "Dial-in users SHOULD NOT be enabled to bypass the lobby.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.6v1", "Requirement": "Meeting recording SHOULD be disabled.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.1.7v1", "Requirement": "Record an event SHOULD be set to Organizer can record.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "External User Access", "GroupNumber": "2", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#2-external-user-access", "Controls": [ { "Control ID": "MS.TEAMS.2.1v1", "Requirement": "External access for users SHALL only be enabled on a per-domain basis.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.2.2v1", "Requirement": "Unmanaged users SHALL NOT be enabled to initiate contact with internal users.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.2.3v1", "Requirement": "Internal users SHOULD NOT be enabled to initiate contact with unmanaged users.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Skype Users", "GroupNumber": "3", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#3-skype-users", "Controls": [ { "Control ID": "MS.TEAMS.3.1v1", "Requirement": "Contact with Skype users SHALL be blocked.", "Result": "Pass", "Criticality": "Shall", "Details": "Requirement met" } ] }, { "GroupName": "Teams Email Integration", "GroupNumber": "4", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#4-teams-email-integration", "Controls": [ { "Control ID": "MS.TEAMS.4.1v1", "Requirement": "Teams email integration SHALL be disabled.", "Result": "Pass", "Criticality": "Shall", "Details": "N/A: Feature is unavailable in GCC environments" } ] }, { "GroupName": "App Management", "GroupNumber": "5", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#5-app-management", "Controls": [ { "Control ID": "MS.TEAMS.5.1v1", "Requirement": "Agencies SHOULD only allow installation of Microsoft apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.5.2v1", "Requirement": "Agencies SHOULD only allow installation of third-party apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" }, { "Control ID": "MS.TEAMS.5.3v1", "Requirement": "Agencies SHOULD only allow installation of custom apps approved by the agency.", "Result": "Pass", "Criticality": "Should", "Details": "Requirement met" } ] }, { "GroupName": "Data Loss Prevention", "GroupNumber": "6", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#6-data-loss-prevention", "Controls": [ { "Control ID": "MS.TEAMS.6.1v1", "Requirement": "A DLP solution SHALL be enabled. The selected DLP solution SHOULD offer services comparable to the native DLP solution offered by Microsoft.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#msteams61v1 for instructions on a manual check." }, { "Control ID": "MS.TEAMS.6.2v1", "Requirement": "The DLP solution SHALL protect personally identifiable information (PII) and sensitive information, as defined by the agency. At a minimum, sharing of credit card numbers, taxpayer identification numbers (TINs), and Social Security numbers (SSNs) via email SHALL be restricted.", "Result": "N/A", "Criticality": "Shall/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#msteams62v1 for instructions on a manual check." } ] }, { "GroupName": "Malware Scanning", "GroupNumber": "7", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#7-malware-scanning", "Controls": [ { "Control ID": "MS.TEAMS.7.1v1", "Requirement": "Attachments included with Teams messages SHOULD be scanned for malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#msteams71v1 for instructions on a manual check." }, { "Control ID": "MS.TEAMS.7.2v1", "Requirement": "Users SHOULD be prevented from opening or downloading files detected as malware.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#msteams72v1 for instructions on a manual check." } ] }, { "GroupName": "Link Protection", "GroupNumber": "8", "GroupReferenceURL": "https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#8-link-protection", "Controls": [ { "Control ID": "MS.TEAMS.8.1v1", "Requirement": "URL comparison with a blocklist SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#msteams81v1 for instructions on a manual check." }, { "Control ID": "MS.TEAMS.8.2v1", "Requirement": "User click tracking SHOULD be enabled.", "Result": "N/A", "Criticality": "Should/3rd Party", "Details": "A custom product can be used to fulfill this policy requirement. If a custom product is used, a 3rd party assessment tool or manual review is needed to ensure compliance. If you are using Defender for Office 365 to implement this policy, ensure when running ScubaGear that 'defender' is an argument to the -ProductNames parameter. Then, review the corresponding Defender policy that fulfills the requirements of this policy on the Defender ScubaGear HTML report. See the Secure Configuration Baseline policy, https://github.com/cisagov/ScubaGear/blob/v1.5.0/PowerShell/ScubaGear/baselines/teams.md#msteams82v1 for instructions on a manual check." } ] } ] }, "Raw": { "baseline_version": "1", "module_version": "1.5.0", "date": "12/18/2024 09:40:27 Central Standard Time", "timestamp_zulu": "2024-12-18T15:40:27.138Z", "report_uuid": "550fbc57-f602-4b40-bb9a-7ad30a157208", "tenant_details": [ { "AADAdditionalData": { "AssignedPlans": [ { "AssignedDateTime": "\/Date(1729382893000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "f6de4823-28fa-440b-b886-4783fa86ddba" }, { "AssignedDateTime": "\/Date(1701807102000)\/", "CapabilityStatus": "Enabled", "Service": "CRM", "ServicePlanId": "1ddffef6-4f69-455e-89c7-d5d72105f915" }, { "AssignedDateTime": "\/Date(1701807102000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "922ba911-5694-4e99-a794-73aed9bfeec8" }, { "AssignedDateTime": "\/Date(1682823962000)\/", "CapabilityStatus": "Deleted", "Service": "exchange", "ServicePlanId": "113feb6c-3fe4-4440-bddc-54d774bf0318" }, { "AssignedDateTime": "\/Date(1676979479000)\/", "CapabilityStatus": "Deleted", "Service": "RMSOnline", "ServicePlanId": "6c57d4b6-3b23-47a5-9bc9-69f17b4947b3" }, { "AssignedDateTime": "\/Date(1676979478000)\/", "CapabilityStatus": "Deleted", "Service": "RMSOnline", "ServicePlanId": "bea4c11e-220a-4e6d-8eb8-8ea15d019f90" }, { "AssignedDateTime": "\/Date(1676979478000)\/", "CapabilityStatus": "Deleted", "Service": "RMSOnline", "ServicePlanId": "5689bec4-755d-4753-8b61-40975025187c" }, { "AssignedDateTime": "\/Date(1676979170000)\/", "CapabilityStatus": "Deleted", "Service": "Adallom", "ServicePlanId": "8c098270-9dd4-4350-9b30-ba4703f3b36b" }, { "AssignedDateTime": "\/Date(1674387225000)\/", "CapabilityStatus": "Enabled", "Service": "MIPExchangeSolutions", "ServicePlanId": "cd31b152-6326-4d1b-ae1b-997b625182e6" }, { "AssignedDateTime": "\/Date(1666375096000)\/", "CapabilityStatus": "Enabled", "Service": "RMSOnline", "ServicePlanId": "5400a66d-eaa5-427d-80f2-0f26d59d8fce" }, { "AssignedDateTime": "\/Date(1666375094000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "a6520331-d7d4-4276-95f5-15c0933bc757" }, { "AssignedDateTime": "\/Date(1666375094000)\/", "CapabilityStatus": "Enabled", "Service": "MicrosoftEndpointDLP", "ServicePlanId": "64bfac92-2b17-4482-b5e5-a0304429de3e" }, { "AssignedDateTime": "\/Date(1666375096000)\/", "CapabilityStatus": "Enabled", "Service": "RMSOnline", "ServicePlanId": "1b66aedf-8ca1-4f73-af76-ec76c6180f98" }, { "AssignedDateTime": "\/Date(1666375093000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "b74d57b2-58e9-484a-9731-aeccbba954f0" }, { "AssignedDateTime": "\/Date(1666375095000)\/", "CapabilityStatus": "Enabled", "Service": "Office365InsiderRisk", "ServicePlanId": "d587c7a3-bda9-4f99-8776-9bcf59c84f75" }, { "AssignedDateTime": "\/Date(1666375094000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "bf6f5520-59e3-4f82-974b-7dbbc4fd27c7" }, { "AssignedDateTime": "\/Date(1666375094000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "d2d51368-76c9-4317-ada2-a12c004c432f" }, { "AssignedDateTime": "\/Date(1666300549000)\/", "CapabilityStatus": "Enabled", "Service": "Bing", "ServicePlanId": "94065c59-bc8e-4e8b-89e5-5138d471eaff" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "617b097b-4b93-4ede-83de-5f075bb5fb2f" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "MicrosoftThreatProtection", "ServicePlanId": "bf28f719-7844-4079-9c78-c1307898e192" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "SharePoint", "ServicePlanId": "8f9f0f3b-ca90-406c-a842-95579171f8ec" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "2f442157-a11c-46b9-ae5b-6e39ff4e5849" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "CRM", "ServicePlanId": "a7d3fb37-b6df-4085-b509-50810d991a39" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "900018f1-0cdb-4ecb-94d4-90281760fdc6" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "493ff600-6a2b-4db6-ad37-a7d4eb214516" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "MicrosoftCommunicationsOnline", "ServicePlanId": "db23fce2-a974-42ef-9002-d78dd42a0f22" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "89b5d3b1-3855-49fe-b46c-87c66dbc1526" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "8c3069c0-ccdb-44be-ab77-986203a67df2" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "efb0351d-3b08-4503-993d-383af8de41e3" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "65cc641f-cccd-4643-97e0-a17e3045e541" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "SharePoint", "ServicePlanId": "153f85dd-d912-4762-af6c-d6e0fb4f6692" }, { "AssignedDateTime": "\/Date(1666300549000)\/", "CapabilityStatus": "Enabled", "Service": "WhiteboardServices", "ServicePlanId": "4a51bca5-1eff-43f5-878c-177680f191af" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "5136a095-5cf0-4aff-bec3-e84448b38ea5" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "OfficeForms", "ServicePlanId": "843da3a8-d2cc-4e7a-9e90-dc46019f964c" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "ProjectWorkManagement", "ServicePlanId": "5b4ef465-7ea1-459a-9f91-033317755a51" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "d1cbfb67-18a8-4792-b643-630b7f19aad1" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "MicrosoftOffice", "ServicePlanId": "de9234ff-6483-44d9-b15e-dca72fdd27af" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "M365CommunicationCompliance", "ServicePlanId": "a413a9ff-720c-4822-98ef-2f37c2a21f4c" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "M365LabelAnalytics", "ServicePlanId": "2b815d45-56e4-4e3a-b65c-66cb9175b560" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "199a5c09-e0ca-4e37-8f7c-b05d533e1ea2" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "208120d1-9adb-4daf-8c22-816bd5d237e7" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "TeamspaceAPI", "ServicePlanId": "304767db-7d23-49e8-a945-4a7eb65f9f28" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "c4801e8a-cb58-4c35-aca6-f2dcc106f287" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "MicrosoftStream", "ServicePlanId": "92c2089d-9a53-49fe-b1a6-9e6bdf959547" }, { "AssignedDateTime": "\/Date(1666300549000)\/", "CapabilityStatus": "Enabled", "Service": "To-Do", "ServicePlanId": "3fb82609-8c27-4f7b-bd51-30634711ee67" }, { "AssignedDateTime": "\/Date(1666300549000)\/", "CapabilityStatus": "Enabled", "Service": "ProjectProgramsAndPortfolios", "ServicePlanId": "9b7c50ec-cd50-44f2-bf48-d72de6f90717" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "PowerAppsServiceGCC", "ServicePlanId": "0eacfc38-458a-40d3-9eab-9671258f1a3e" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "MicrosoftCommunicationsOnline", "ServicePlanId": "a31ef4a2-f787-435e-8335-e47eb0cafc94" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "MicrosoftCommunicationsOnline", "ServicePlanId": "f544b08d-1645-4287-82de-8d91f37c02a1" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "6db1f1db-2b46-403f-be40-e39395f08dbb" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "Fairfax-MicrosoftPowerBI-WFE", "ServicePlanId": "944e9726-f011-4353-b654-5f7d2663db76" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "M365LabelAnalytics", "ServicePlanId": "d9fa6af4-e046-4c89-9226-729a0786685d" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "e26c2fcc-ab91-4a61-b35c-03cdc8dddf66" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "CRM", "ServicePlanId": "bce5e5ca-c2fd-4d53-8ee2-58dfffed4c10" }, { "AssignedDateTime": "\/Date(1666300551000)\/", "CapabilityStatus": "Enabled", "Service": "RMSOnline", "ServicePlanId": "6a76346d-5d6e-4051-9fe3-ed3f312b5597" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "exchange", "ServicePlanId": "6dc145d6-95dd-4191-b9c3-185575ee6f6b" }, { "AssignedDateTime": "\/Date(1666300550000)\/", "CapabilityStatus": "Enabled", "Service": "ProcessSimpleGCC", "ServicePlanId": "8055d84a-c172-42eb-b997-6c2ae4628246" }, { "AssignedDateTime": "\/Date(1666300529000)\/", "CapabilityStatus": "Enabled", "Service": "AzureAdvancedThreatAnalytics", "ServicePlanId": "14ab5db5-e6c4-4b20-b4bc-13e36fd2227f" }, { "AssignedDateTime": "\/Date(1666300529000)\/", "CapabilityStatus": "Enabled", "Service": "AADPremiumService", "ServicePlanId": "eec0eb4f-6444-4f95-aba0-50c24d67f998" }, { "AssignedDateTime": "\/Date(1666300530000)\/", "CapabilityStatus": "Enabled", "Service": "AADPremiumService", "ServicePlanId": "41781fb2-bc02-4b7c-bd55-b576c07bb09d" }, { "AssignedDateTime": "\/Date(1666300529000)\/", "CapabilityStatus": "Enabled", "Service": "MultiFactorService", "ServicePlanId": "8a256a2b-b617-496d-b51b-e76466e88db0" }, { "AssignedDateTime": "\/Date(1666300529000)\/", "CapabilityStatus": "Enabled", "Service": "Adallom", "ServicePlanId": "2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2" }, { "AssignedDateTime": "\/Date(1666300529000)\/", "CapabilityStatus": "Enabled", "Service": "SCO", "ServicePlanId": "c1ec4a95-1f05-45b3-a911-aa3fa01094f5" }, { "AssignedDateTime": "\/Date(1646945063000)\/", "CapabilityStatus": "Enabled", "Service": "WindowsAzure", "ServicePlanId": "fca3e605-0754-4279-8504-3f1229f29614" }, { "AssignedDateTime": "\/Date(1638885214000)\/", "CapabilityStatus": "Enabled", "Service": "WindowsDefenderATP", "ServicePlanId": "871d91ec-ec1a-452b-a83f-bd76c7d770ef" }, { "AssignedDateTime": "\/Date(1616437077000)\/", "CapabilityStatus": "Deleted", "Service": "SCO", "ServicePlanId": "882e1d05-acd1-4ccb-8708-6ee03664b117" }, { "AssignedDateTime": "\/Date(1614604981000)\/", "CapabilityStatus": "Deleted", "Service": "SCO", "ServicePlanId": "882e1d05-acd1-4ccb-8708-6ee03664b117" } ], "Branding": { "BackgroundColor": null, "BackgroundImage": null, "BackgroundImageRelativeUrl": null, "BannerLogo": null, "BannerLogoRelativeUrl": null, "CdnList": null, "ContentCustomization": { "AttributeCollection": null, "AttributeCollectionRelativeUrl": null, "RegistrationCampaign": null, "RegistrationCampaignRelativeUrl": null }, "CustomAccountResetCredentialsUrl": null, "CustomCannotAccessYourAccountText": null, "CustomCannotAccessYourAccountUrl": null, "CustomCss": null, "CustomCssRelativeUrl": null, "CustomForgotMyPasswordText": null, "CustomPrivacyAndCookiesText": null, "CustomPrivacyAndCookiesUrl": null, "CustomResetItNowText": null, "CustomTermsOfUseText": null, "CustomTermsOfUseUrl": null, "Favicon": null, "FaviconRelativeUrl": null, "HeaderBackgroundColor": null, "HeaderLogo": null, "HeaderLogoRelativeUrl": null, "Id": null, "Localizations": null, "LoginPageLayoutConfiguration": { "IsFooterShown": null, "IsHeaderShown": null, "LayoutTemplateType": null }, "LoginPageTextVisibilitySettings": { "HideAccountResetCredentials": null, "HideCannotAccessYourAccount": null, "HideForgotMyPassword": null, "HidePrivacyAndCookies": null, "HideResetItNow": null, "HideTermsOfUse": null }, "SignInPageText": null, "SquareLogo": null, "SquareLogoDark": null, "SquareLogoDarkRelativeUrl": null, "SquareLogoRelativeUrl": null, "UsernameHintText": null }, "BusinessPhones": [ "1234567890" ], "CertificateBasedAuthConfiguration": null, "CertificateConnectorSetting": { "CertExpiryTime": null, "ConnectorVersion": null, "EnrollmentError": null, "LastConnectorConnectionTime": null, "LastUploadVersion": null, "Status": null }, "City": null, "Country": null, "CountryLetterCode": null, "CreatedDateTime": "\/Date(1613679244000)\/", "DefaultUsageLocation": null, "DeletedDateTime": null, "DirectorySizeQuota": { "Total": 300000, "Used": 1207 }, "DisplayName": "tqhjy", "Extensions": null, "Id": "3c19c757-3b55-411f-b03f-2bcc514a598d", "IsMultipleDataLocationsForServicesEnabled": null, "MarketingNotificationEmails": [ ], "MobileDeviceManagementAuthority": { }, "OnPremisesLastPasswordSyncDateTime": null, "OnPremisesLastSyncDateTime": "\/Date(1661362185000)\/", "OnPremisesSyncEnabled": true, "PartnerInformation": { "CommerceUrl": null, "CompanyName": null, "CompanyType": null, "HelpUrl": null, "PartnerTenantId": null, "SupportEmails": null, "SupportTelephones": null, "SupportUrl": null }, "PartnerTenantType": null, "PostalCode": null, "PreferredLanguage": "en", "PrivacyProfile": { "ContactEmail": "", "StatementUrl": "" }, "ProvisionedPlans": [ { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Deleted", "ProvisioningStatus": "Success", "Service": "Adallom" }, { "CapabilityStatus": "Deleted", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Deleted", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Deleted", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "RMSOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "SCO" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "SharePoint" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "SharePoint" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "exchange" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "MicrosoftCommunicationsOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "MicrosoftCommunicationsOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "MicrosoftCommunicationsOnline" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "ProjectWorkManagement" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "Adallom" }, { "CapabilityStatus": "Enabled", "ProvisioningStatus": "Success", "Service": "RMSOnline" } ], "SecurityComplianceNotificationMails": [ ], "SecurityComplianceNotificationPhones": [ ], "Settings": { "ContactInsights": { "DisabledForGroup": null, "Id": null, "IsEnabledInOrganization": null }, "Id": null, "ItemInsights": { "DisabledForGroup": null, "Id": null, "IsEnabledInOrganization": null }, "MicrosoftApplicationDataAccess": { "DisabledForGroup": null, "Id": null, "IsEnabledForAllMicrosoftApplications": null }, "PeopleInsights": { "DisabledForGroup": null, "Id": null, "IsEnabledInOrganization": null } }, "State": null, "Street": null, "TechnicalNotificationMails": [ "admin@example.com" ], "TenantType": "AAD", "VerifiedDomains": [ { "Capabilities": "Email, OfficeCommunicationsOnline", "IsDefault": true, "IsInitial": true, "Name": "tqhjy.onmicrosoft.com", "Type": "Managed" } ], "AdditionalProperties": { "onPremisesSyncStatus": [ "System.Collections.Generic.Dictionary`2[System.String,System.Object]" ] } }, "TenantId": "27ecc021-87f7-4346-9682-b62bf3966808", "DisplayName": "tqhjy", "DomainName": "tqhjy.onmicrosoft.com" } ], "scuba_config": { }, "conditional_access_policies": [ { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "\/Date(1647536088205)\/", "Description": null, "DisplayName": "Live - Session Length SHALL be Limited", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": null, "CustomAuthenticationFactors": null, "Operator": null, "TermsOfUse": null }, "Id": "e430772e-f1c9-4618-9b68-4f125e80a288", "ModifiedDateTime": "\/Date(1717372277946)\/", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": "primaryAndSecondaryAuthentication", "FrequencyInterval": "timeBased", "IsEnabled": true, "Type": "days", "Value": 4 } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "\/Date(1647536401180)\/", "Description": null, "DisplayName": "Live - Browser Sessions SHALL NOT be Persistent", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": null, "CustomAuthenticationFactors": null, "Operator": null, "TermsOfUse": null }, "Id": "75fd3dde-7974-4bbf-8912-19f36b9f054d", "ModifiedDateTime": "\/Date(1671042607797)\/", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": true, "Mode": "never" }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "exchangeActiveSync", "other" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "\/Date(1698255149380)\/", "Description": null, "DisplayName": "MS.AAD.1.1v1 Legacy authentication SHALL be blocked", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "block" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "f56276cf-d30f-4e0f-9d73-d72f99370dcb", "ModifiedDateTime": "\/Date(1718828117667)\/", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ "high" ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "\/Date(1698255528762)\/", "Description": null, "DisplayName": "MS.AAD.2.1v1 Users detected as high risk SHALL be blocked", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "block" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "0ca1b87a-357b-4835-8e10-d226267fa8ea", "ModifiedDateTime": "\/Date(1718828492397)\/", "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ "high" ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "\/Date(1698255635990)\/", "Description": null, "DisplayName": "MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "block" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "d1ba2665-d4d5-4708-8f6b-b1ab5f2b2b0b", "ModifiedDateTime": null, "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } }, { "Conditions": { "Applications": { "ApplicationFilter": { "Mode": null, "Rule": null }, "ExcludeApplications": [ ], "IncludeApplications": [ "All" ], "IncludeAuthenticationContextClassReferences": [ ], "IncludeUserActions": [ ] }, "AuthenticationFlows": { "TransferMethods": null }, "ClientAppTypes": [ "all" ], "ClientApplications": { "ExcludeServicePrincipals": null, "IncludeServicePrincipals": null, "ServicePrincipalFilter": { "Mode": null, "Rule": null } }, "DeviceStates": { "ExcludeStates": null, "IncludeStates": null }, "Devices": { "DeviceFilter": { "Mode": null, "Rule": null }, "ExcludeDeviceStates": null, "ExcludeDevices": null, "IncludeDeviceStates": null, "IncludeDevices": null }, "InsiderRiskLevels": null, "Locations": { "ExcludeLocations": null, "IncludeLocations": null }, "Platforms": { "ExcludePlatforms": null, "IncludePlatforms": null }, "ServicePrincipalRiskLevels": null, "SignInRiskLevels": [ ], "UserRiskLevels": [ ], "Users": { "ExcludeGroups": [ ], "ExcludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "ExcludeRoles": [ ], "ExcludeUsers": [ ], "IncludeGroups": [ ], "IncludeGuestsOrExternalUsers": { "ExternalTenants": { "MembershipKind": null }, "GuestOrExternalUserTypes": null }, "IncludeRoles": [ ], "IncludeUsers": [ "All" ] } }, "CreatedDateTime": "\/Date(1698255712623)\/", "Description": null, "DisplayName": "MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users", "GrantControls": { "AuthenticationStrength": { "AllowedCombinations": null, "CombinationConfigurations": null, "CreatedDateTime": null, "Description": null, "DisplayName": null, "Id": null, "ModifiedDateTime": null, "PolicyType": null, "RequirementsSatisfied": null }, "BuiltInControls": [ "mfa" ], "CustomAuthenticationFactors": [ ], "Operator": "OR", "TermsOfUse": [ ] }, "Id": "a205d789-8090-43d1-b42b-0d915b08fbfd", "ModifiedDateTime": null, "SessionControls": { "ApplicationEnforcedRestrictions": { "IsEnabled": null }, "CloudAppSecurity": { "CloudAppSecurityType": null, "IsEnabled": null }, "ContinuousAccessEvaluation": { "Mode": null }, "DisableResilienceDefaults": null, "PersistentBrowser": { "IsEnabled": null, "Mode": null }, "SecureSignInSession": { "IsEnabled": null }, "SignInFrequency": { "AuthenticationType": null, "FrequencyInterval": null, "IsEnabled": null, "Type": null, "Value": null } }, "State": "enabled", "AdditionalProperties": { } } ], "cap_table_data": [ { "Name": "Live - Session Length SHALL be Limited", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "None", "Session Controls": [ "Sign-in frequency (every 4 days)" ] }, { "Name": "Live - Browser Sessions SHALL NOT be Persistent", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "None", "Session Controls": [ "Persistent browser session (never persistent)" ] }, { "Name": "MS.AAD.1.1v1 Legacy authentication SHALL be blocked", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: Exchange ActiveSync Clients, Other clients" ], "Block/Grant Access": "Block access", "Session Controls": [ "None" ] }, { "Name": "MS.AAD.2.1v1 Users detected as high risk SHALL be blocked", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "User risk levels: high", "Client apps included: all" ], "Block/Grant Access": "Block access", "Session Controls": [ "None" ] }, { "Name": "MS.AAD.2.3v1 Sign-ins detected as high risk SHALL be blocked", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Sign-in risk levels: high", "Client apps included: all" ], "Block/Grant Access": "Block access", "Session Controls": [ "None" ] }, { "Name": "MS.AAD.3.2v1 If phishing-resistant MFA has not been enforced, an alternative MFA method SHALL be enforced for all users", "State": "On", "Users": [ "Users included: All", "Users excluded: None" ], "Apps/Actions": [ "Policy applies to: apps", "Apps included: All", "Apps excluded: None" ], "Conditions": [ "Client apps included: all" ], "Block/Grant Access": "Allow access but require multifactor authentication", "Session Controls": [ "None" ] } ], "authorization_policies": [ { "AllowEmailVerifiedUsersToJoinOrganization": true, "AllowInvitesFrom": "adminsAndGuestInviters", "AllowUserConsentForRiskyApps": false, "AllowedToSignUpEmailBasedSubscriptions": true, "AllowedToUseSspr": true, "BlockMsolPowerShell": false, "DefaultUserRoleOverrides": null, "DefaultUserRolePermissions": { "AllowedToCreateApps": false, "AllowedToCreateSecurityGroups": true, "AllowedToCreateTenants": true, "AllowedToReadBitlockerKeysForOwnedDevice": true, "AllowedToReadOtherUsers": true }, "DeletedDateTime": null, "Description": "Used to manage authorization related settings across the company.", "DisplayName": "Authorization Policy", "EnabledPreviewFeatures": [ ], "GuestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3", "Id": "authorizationPolicy", "PermissionGrantPolicyIdsAssignedToDefaultUserRole": [ "ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-chat", "ManagePermissionGrantsForOwnedResource.microsoft-dynamically-managed-permissions-for-team", "ManagePermissionGrantsForSelf.microsoft-user-default-legacy" ] } ], "privileged_users": { "66b4d5c2-71c9-4644-8728-74e3a8324d81": { "DisplayName": "John Public", "roles": [ "Hybrid Identity Administrator", "Privileged Role Administrator", "Application Administrator", "Exchange Administrator", "User Administrator", "Cloud Application Administrator", "Global Administrator", "SharePoint Administrator" ], "OnPremisesImmutableId": null }, "b49c71b8-d1a0-4e36-8f6d-9e66fbb98f0d": { "DisplayName": "Jane Doe", "roles": [ "Exchange Administrator", "Global Administrator", "SharePoint Administrator" ], "OnPremisesImmutableId": null }, "1bdebb27-053d-48f2-9413-d836ebedf0e8": { "DisplayName": "John Doe", "roles": [ "Exchange Administrator", "SharePoint Administrator", "SharePoint Administrator" ], "OnPremisesImmutableId": null } }, "privileged_roles": [ { "DisplayName": "Global Administrator", "RoleTemplateId": "62e90394-69f5-4237-9190-012177145e10", "Assignments": [ { "startDateTime": "\/Date(1647533824543)\/", "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEOpg3ULpV-pHikOiE9NqnLA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "4616f5af-97e5-4849-b8a0-aa1111cee134", "id": "lAPpYvVpN0KRkAEhdxReEOpg3ULpV-pHikOiE9NqnLA-1", "principalId": "f1c7e52c-7305-4852-8cb9-040f5c88a0ff", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEKhQmi2IZutIhkaGrLdOLwU-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEKhQmi2IZutIhkaGrLdOLwU-1", "id": "lAPpYvVpN0KRkAEhdxReEKhQmi2IZutIhkaGrLdOLwU-1", "principalId": "f1c7e52c-7305-4852-8cb9-040f5c88a0ff", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEHwV0C627m1FobGeEeQDs5s-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEHwV0C627m1FobGeEeQDs5s-1", "id": "lAPpYvVpN0KRkAEhdxReEHwV0C627m1FobGeEeQDs5s-1", "principalId": "8421e4d6-f585-4e7a-a7a3-b2749b97cae8", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEJhnQWuyh4tNnSdUPpYIzLY-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEJhnQWuyh4tNnSdUPpYIzLY-1", "id": "lAPpYvVpN0KRkAEhdxReEJhnQWuyh4tNnSdUPpYIzLY-1", "principalId": "6b416798-87b2-4d8b-9d27-543e9608ccb6", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEJmFf5QA7f9MuOqpJcR6L98-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEJmFf5QA7f9MuOqpJcR6L98-1", "id": "lAPpYvVpN0KRkAEhdxReEJmFf5QA7f9MuOqpJcR6L98-1", "principalId": "947f8599-ed00-4cff-b8ea-a925c47a2fdf", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEBzmca5l9LZNjSZfPlK92AA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEBzmca5l9LZNjSZfPlK92AA-1", "id": "lAPpYvVpN0KRkAEhdxReEBzmca5l9LZNjSZfPlK92AA-1", "principalId": "ae71e61c-f465-4db6-8d26-5f3e52bdd800", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" }, { "startDateTime": null, "roleAssignmentOriginId": "lAPpYvVpN0KRkAEhdxReEHBXl8g9jO9DhGZnhYSjLeU-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "lAPpYvVpN0KRkAEhdxReEHBXl8g9jO9DhGZnhYSjLeU-1", "id": "lAPpYvVpN0KRkAEhdxReEHBXl8g9jO9DhGZnhYSjLeU-1", "principalId": "c8975770-8c3d-43ef-8466-678584a32de5", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "62e90394-69f5-4237-9190-012177145e10" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P15D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.singleUser", "isBackup": false, "id": "a48efc2a-eb97-415d-a29a-c6ff10f24b70", "description": "John Public" }, { "@odata.type": "#microsoft.graph.singleUser", "isBackup": false, "id": "6ceb7ab2-3c57-4969-a425-f76e726e8ab4", "description": "John Doe" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Global Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "User Administrator", "RoleTemplateId": "fe930be7-5e62-47db-91af-98c3a49a38b1", "Assignments": [ { "startDateTime": null, "roleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", "id": "5wuT_mJe20eRr5jDpJo4sXwV0C627m1FobGeEeQDs5s-1", "principalId": "8421e4d6-f585-4e7a-a7a3-b2749b97cae8", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1" }, { "startDateTime": null, "roleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sb6av3bZQllPmeKd42onBeA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sb6av3bZQllPmeKd42onBeA-1", "id": "5wuT_mJe20eRr5jDpJo4sb6av3bZQllPmeKd42onBeA-1", "principalId": "76bf9abe-42d9-4f59-99e2-9de36a2705e0", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1" }, { "startDateTime": null, "roleAssignmentOriginId": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", "id": "5wuT_mJe20eRr5jDpJo4sRzmca5l9LZNjSZfPlK92AA-1", "principalId": "ae71e61c-f465-4db6-8d26-5f3e52bdd800", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "fe930be7-5e62-47db-91af-98c3a49a38b1" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.groupMembers", "isBackup": false, "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", "description": "privileged escalation approvers" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "User Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Exchange Administrator", "RoleTemplateId": "29232cdf-9323-42fd-ade2-1d097af3e4de", "Assignments": [ { "startDateTime": "\/Date(1698183755703)\/", "roleAssignmentOriginId": "3ywjKSOT_UKt4h0JevPk3kcVpbOMP1tHg_cxXsxBHwk-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "7c437a1e-806b-46b8-a292-492eb51b0b92", "id": "3ywjKSOT_UKt4h0JevPk3kcVpbOMP1tHg_cxXsxBHwk-1", "principalId": "b3a51547-3f8c-475b-83f7-315ecc411f09", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "startDateTime": "\/Date(1648659568260)\/", "roleAssignmentOriginId": "3ywjKSOT_UKt4h0JevPk3tZJ7dK1F15HuY1ERGMIh18-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "a7621401-7a86-4529-afa1-e8cf6c0b3803", "id": "3ywjKSOT_UKt4h0JevPk3tZJ7dK1F15HuY1ERGMIh18-1", "principalId": "d2ed49d6-17b5-475e-b98d-44446308875f", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "startDateTime": "\/Date(1698180928977)\/", "roleAssignmentOriginId": "3ywjKSOT_UKt4h0JevPk3oMvMiVDshdEgtyHzg12f7Q-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "ca75b166-6cda-4274-b0d1-f6c8d47f113c", "id": "3ywjKSOT_UKt4h0JevPk3oMvMiVDshdEgtyHzg12f7Q-1", "principalId": "25322f83-b243-4417-82dc-87ce0d767fb4", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" }, { "startDateTime": "\/Date(1698244327697)\/", "roleAssignmentOriginId": "3ywjKSOT_UKt4h0JevPk3l2qS3XYAxpAo9TCF4ysGtw-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "632babd2-76f8-48a1-8eae-ecfb0196a23b", "id": "3ywjKSOT_UKt4h0JevPk3l2qS3XYAxpAo9TCF4ysGtw-1", "principalId": "754baa5d-03d8-401a-a3d4-c2178cac1adc", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "29232cdf-9323-42fd-ade2-1d097af3e4de" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": true, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.groupMembers", "isBackup": false, "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", "description": "Privileged Escalation Approvers" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Exchange Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "SharePoint Administrator", "RoleTemplateId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c", "Assignments": [ { "startDateTime": "\/Date(1704924054887)\/", "roleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbJETiLuPI4hAjEAgc_yTTNc-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "675049b9-096c-4fa9-843c-c466fe9b34da", "id": "UB-K8uf2cUWBi2oS8q9rbJETiLuPI4hAjEAgc_yTTNc-1", "principalId": "bb881391-238f-4088-8c40-2073fc934cd7", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" }, { "startDateTime": "\/Date(1698180323417)\/", "roleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbIMvMiVDshdEgtyHzg12f7Q-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "3b365172-71c2-4b13-a6c5-b6e3524aeba4", "id": "UB-K8uf2cUWBi2oS8q9rbIMvMiVDshdEgtyHzg12f7Q-1", "principalId": "25322f83-b243-4417-82dc-87ce0d767fb4", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" }, { "startDateTime": "\/Date(1726872970177)\/", "roleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbIaS2Zf3iQNBg0OaAIPyckE-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "21f6a270-947c-4d44-96fa-f4df1e05ddf6", "id": "UB-K8uf2cUWBi2oS8q9rbIaS2Zf3iQNBg0OaAIPyckE-1", "principalId": "97d99286-89f7-4103-8343-9a0083f27241", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" }, { "startDateTime": null, "roleAssignmentOriginId": "UB-K8uf2cUWBi2oS8q9rbL6HzCF7b8NLiF9zceYfTfI-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "UB-K8uf2cUWBi2oS8q9rbL6HzCF7b8NLiF9zceYfTfI-1", "id": "UB-K8uf2cUWBi2oS8q9rbL6HzCF7b8NLiF9zceYfTfI-1", "principalId": "21cc87be-6f7b-4bc3-885f-7371e61f4df2", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "f28a1f50-f6e7-4571-818b-6a12f2af6b6c" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P180D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": true, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.groupMembers", "isBackup": false, "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", "description": "privileged escalation approvers" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "SharePoint Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Application Administrator", "RoleTemplateId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3", "Assignments": [ { "startDateTime": "\/Date(1648587304797)\/", "roleAssignmentOriginId": "kl2Jm9Msx0SdAqasLV6lw7CVAgFZ8N5GoYOOHhyOzjA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "69f5b475-3595-4447-83ff-85b6d7132a0c", "id": "kl2Jm9Msx0SdAqasLV6lw7CVAgFZ8N5GoYOOHhyOzjA-1", "principalId": "010295b0-f059-46de-a183-8e1e1c8ece30", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "PT2H" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ "testme@example.com" ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Privileged Role Administrator", "RoleTemplateId": "e8611ab8-c189-46e8-94e1-60213ab1f814", "Assignments": [ { "startDateTime": "\/Date(1647482863980)\/", "roleAssignmentOriginId": "uBph6InB6EaU4WAhOrH4FOpg3ULpV-pHikOiE9NqnLA-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "b6624013-0364-471b-a861-00aad19e7415", "id": "uBph6InB6EaU4WAhOrH4FOpg3ULpV-pHikOiE9NqnLA-1", "principalId": "f1c7e52c-7305-4852-8cb9-040f5c88a0ff", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "e8611ab8-c189-46e8-94e1-60213ab1f814" }, { "startDateTime": null, "roleAssignmentOriginId": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", "assignmentType": "Assigned", "directoryScopeId": "/", "endDateTime": null, "roleAssignmentScheduleId": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", "id": "uBph6InB6EaU4WAhOrH4FHD63wsgYRdMntj8byMyoUk-1", "principalId": "0bdffa70-6120-4c17-9ed8-fc6f2332a149", "appScopeId": null, "memberType": "Direct", "roleDefinitionId": "e8611ab8-c189-46e8-94e1-60213ab1f814" } ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P1D" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ { "@odata.type": "#microsoft.graph.groupMembers", "isBackup": false, "id": "54e56ffb-a568-4c65-b04a-7a6feabab17c", "description": "privileged escalation approvers" } ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Privileged Role Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Cloud Application Administrator", "RoleTemplateId": "158c047a-c907-4556-b7ef-446551a6b5f7", "Assignments": [ ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "PT8H" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "MultiFactorAuthentication", "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Cloud Application Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] }, { "DisplayName": "Hybrid Identity Administrator", "RoleTemplateId": "8ac3fc64-6eca-42ea-9e69-59f4c7b60eb2", "Assignments": [ ], "Rules": [ { "Id": "Expiration_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "P365D" } }, { "Id": "Notification_Admin_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Enablement_Admin_Eligibility", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Eligibility", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ ] } }, { "Id": "Expiration_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": true, "maximumDuration": "P30D" } }, { "Id": "Enablement_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Notification_Admin_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_Admin_Assignment", "Target": { "Caller": "Admin", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Expiration_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule", "isExpirationRequired": false, "maximumDuration": "PT8H" } }, { "Id": "Enablement_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule", "enabledRules": [ "Justification" ] } }, { "Id": "Approval_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule", "setting": { "isApprovalRequired": false, "isApprovalRequiredForExtension": false, "isRequestorJustificationRequired": true, "approvalMode": "SingleStage", "approvalStages": [ { "approvalStageTimeOutInDays": 1, "isApproverJustificationRequired": true, "escalationTimeInMinutes": 0, "isEscalationEnabled": false, "primaryApprovers": [ ], "escalationApprovers": [ ] } ] } } }, { "Id": "AuthenticationContext_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule", "isEnabled": false, "claimValue": "" } }, { "Id": "Notification_Admin_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Admin", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Requestor_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Requestor", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } }, { "Id": "Notification_Approver_EndUser_Assignment", "Target": { "Caller": "EndUser", "EnforcedSettings": [ ], "InheritableSettings": [ ], "Level": "Assignment", "Operations": [ "All" ], "TargetObjects": null }, "RuleSource": "Hybrid Identity Administrator", "RuleSourceType": "Directory Role", "AdditionalProperties": { "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule", "notificationType": "Email", "recipientType": "Approver", "notificationLevel": "All", "isDefaultRecipientsEnabled": true, "notificationRecipients": [ ] } } ] } ], "service_plans": [ { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "922ba911-5694-4e99-a794-73aed9bfeec8", "ServicePlanName": "EXCHANGE_S_FOUNDATION_GOV", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "1ddffef6-4f69-455e-89c7-d5d72105f915", "ServicePlanName": "CDS_DB_CAPACITY_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "f6de4823-28fa-440b-b886-4783fa86ddba", "ServicePlanName": "M365_AUDIT_PLATFORM", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "cd31b152-6326-4d1b-ae1b-997b625182e6", "ServicePlanName": "MIP_S_Exchange", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "b74d57b2-58e9-484a-9731-aeccbba954f0", "ServicePlanName": "GRAPH_CONNECTORS_SEARCH_INDEX_TOPICEXP", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "a6520331-d7d4-4276-95f5-15c0933bc757", "ServicePlanName": "GRAPH_CONNECTORS_SEARCH_INDEX", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "bf6f5520-59e3-4f82-974b-7dbbc4fd27c7", "ServicePlanName": "SAFEDOCS", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "9b7c50ec-cd50-44f2-bf48-d72de6f90717", "ServicePlanName": "PROJECT_O365_P3_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "3fb82609-8c27-4f7b-bd51-30634711ee67", "ServicePlanName": "BPOS_S_TODO_3", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "4a51bca5-1eff-43f5-878c-177680f191af", "ServicePlanName": "WHITEBOARD_PLAN3", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "94065c59-bc8e-4e8b-89e5-5138d471eaff", "ServicePlanName": "MICROSOFT_SEARCH", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "2b815d45-56e4-4e3a-b65c-66cb9175b560", "ServicePlanName": "ContentExplorer_Standard", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "c4801e8a-cb58-4c35-aca6-f2dcc106f287", "ServicePlanName": "INFORMATION_BARRIERS", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "bce5e5ca-c2fd-4d53-8ee2-58dfffed4c10", "ServicePlanName": "CDS_O365_P3_GCC", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "a7d3fb37-b6df-4085-b509-50810d991a39", "ServicePlanName": "DYN365_CDS_O365_P3_GCC", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "d2d51368-76c9-4317-ada2-a12c004c432f", "ServicePlanName": "ML_CLASSIFICATION", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "64bfac92-2b17-4482-b5e5-a0304429de3e", "ServicePlanName": "MICROSOFTENDPOINTDLP", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "a31ef4a2-f787-435e-8335-e47eb0cafc94", "ServicePlanName": "MCOSTANDARD_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "153f85dd-d912-4762-af6c-d6e0fb4f6692", "ServicePlanName": "SHAREPOINTENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "617b097b-4b93-4ede-83de-5f075bb5fb2f", "ServicePlanName": "PREMIUM_ENCRYPTION", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "944e9726-f011-4353-b654-5f7d2663db76", "ServicePlanName": "BI_AZURE_P_2_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "8055d84a-c172-42eb-b997-6c2ae4628246", "ServicePlanName": "FLOW_O365_P3_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "0eacfc38-458a-40d3-9eab-9671258f1a3e", "ServicePlanName": "POWERAPPS_O365_P3_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "8f9f0f3b-ca90-406c-a842-95579171f8ec", "ServicePlanName": "SHAREPOINTWAC_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "5b4ef465-7ea1-459a-9f91-033317755a51", "ServicePlanName": "PROJECTWORKMANAGEMENT_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "d1cbfb67-18a8-4792-b643-630b7f19aad1", "ServicePlanName": "EQUIVIO_ANALYTICS_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "304767db-7d23-49e8-a945-4a7eb65f9f28", "ServicePlanName": "TEAMS_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "92c2089d-9a53-49fe-b1a6-9e6bdf959547", "ServicePlanName": "STREAM_O365_E5_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "65cc641f-cccd-4643-97e0-a17e3045e541", "ServicePlanName": "RECORDS_MANAGEMENT", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "208120d1-9adb-4daf-8c22-816bd5d237e7", "ServicePlanName": "EXCHANGE_ANALYTICS_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "c1ec4a95-1f05-45b3-a911-aa3fa01094f5", "ServicePlanName": "INTUNE_A", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "d587c7a3-bda9-4f99-8776-9bcf59c84f75", "ServicePlanName": "INSIDER_RISK", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "900018f1-0cdb-4ecb-94d4-90281760fdc6", "ServicePlanName": "THREAT_INTELLIGENCE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "493ff600-6a2b-4db6-ad37-a7d4eb214516", "ServicePlanName": "ATP_ENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "14ab5db5-e6c4-4b20-b4bc-13e36fd2227f", "ServicePlanName": "ATA", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "6db1f1db-2b46-403f-be40-e39395f08dbb", "ServicePlanName": "CUSTOMER_KEY", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "6dc145d6-95dd-4191-b9c3-185575ee6f6b", "ServicePlanName": "COMMUNICATIONS_DLP", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "2e2ddb96-6af9-4b1d-a3f0-d6ecfd22edb2", "ServicePlanName": "ADALLOM_S_STANDALONE", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "199a5c09-e0ca-4e37-8f7c-b05d533e1ea2", "ServicePlanName": "MICROSOFTBOOKINGS", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "8a256a2b-b617-496d-b51b-e76466e88db0", "ServicePlanName": "MFA_PREMIUM", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "db23fce2-a974-42ef-9002-d78dd42a0f22", "ServicePlanName": "MCOEV_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "bf28f719-7844-4079-9c78-c1307898e192", "ServicePlanName": "MTP", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "f544b08d-1645-4287-82de-8d91f37c02a1", "ServicePlanName": "MCOMEETADV_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "de9234ff-6483-44d9-b15e-dca72fdd27af", "ServicePlanName": "OFFICESUBSCRIPTION_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "2f442157-a11c-46b9-ae5b-6e39ff4e5849", "ServicePlanName": "M365_ADVANCED_AUDITING", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "a413a9ff-720c-4822-98ef-2f37c2a21f4c", "ServicePlanName": "MICROSOFT_COMMUNICATION_COMPLIANCE", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "5136a095-5cf0-4aff-bec3-e84448b38ea5", "ServicePlanName": "MIP_S_CLP1", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "efb0351d-3b08-4503-993d-383af8de41e3", "ServicePlanName": "MIP_S_CLP2", "AdditionalProperties": { } }, { "AppliesTo": "Company", "ProvisioningStatus": "Success", "ServicePlanId": "d9fa6af4-e046-4c89-9226-729a0786685d", "ServicePlanName": "Content_Explorer", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "843da3a8-d2cc-4e7a-9e90-dc46019f964c", "ServicePlanName": "FORMS_GOV_E5", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "8c3069c0-ccdb-44be-ab77-986203a67df2", "ServicePlanName": "EXCHANGE_S_ENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "89b5d3b1-3855-49fe-b46c-87c66dbc1526", "ServicePlanName": "LOCKBOX_ENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "1b66aedf-8ca1-4f73-af76-ec76c6180f98", "ServicePlanName": "RMS_S_PREMIUM_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "5400a66d-eaa5-427d-80f2-0f26d59d8fce", "ServicePlanName": "RMS_S_PREMIUM2_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "6a76346d-5d6e-4051-9fe3-ed3f312b5597", "ServicePlanName": "RMS_S_ENTERPRISE_GOV", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "eec0eb4f-6444-4f95-aba0-50c24d67f998", "ServicePlanName": "AAD_PREMIUM_P2", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "41781fb2-bc02-4b7c-bd55-b576c07bb09d", "ServicePlanName": "AAD_PREMIUM", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "e26c2fcc-ab91-4a61-b35c-03cdc8dddf66", "ServicePlanName": "INFO_GOVERNANCE", "AdditionalProperties": { } }, { "AppliesTo": "User", "ProvisioningStatus": "Success", "ServicePlanId": "871d91ec-ec1a-452b-a83f-bd76c7d770ef", "ServicePlanName": "WINDEFATP", "AdditionalProperties": { } } ], "directory_settings": [ { "DisplayName": "Group.Unified", "Id": "5ce54204-ef8d-44c5-af88-dc8bd4c16069", "TemplateId": "62375ab9-6b52-47ed-826b-58e47e0e304b", "Values": [ { "Name": "NewUnifiedGroupWritebackDefault", "Value": "true" }, { "Name": "EnableMIPLabels", "Value": "False" }, { "Name": "CustomBlockedWordsList", "Value": "" }, { "Name": "EnableMSStandardBlockedWords", "Value": "False" }, { "Name": "ClassificationDescriptions", "Value": "" }, { "Name": "DefaultClassification", "Value": "" }, { "Name": "PrefixSuffixNamingRequirement", "Value": "" }, { "Name": "AllowGuestsToBeGroupOwner", "Value": "False" }, { "Name": "AllowGuestsToAccessGroups", "Value": "True" }, { "Name": "GuestUsageGuidelinesUrl", "Value": "" }, { "Name": "GroupCreationAllowedGroupId", "Value": "67f62883-f97a-4192-a300-8a1576af8056" }, { "Name": "AllowToAddGuests", "Value": "True" }, { "Name": "UsageGuidelinesUrl", "Value": "" }, { "Name": "ClassificationList", "Value": "" }, { "Name": "EnableGroupCreation", "Value": "False" } ], "AdditionalProperties": { } }, { "DisplayName": "Consent Policy Settings", "Id": "62c1305f-60f0-4096-8d72-e1f74e8627f5", "TemplateId": "dffd5d46-495d-40a9-8e21-954ff55e198a", "Values": [ { "Name": "BlockUserConsentForRiskyApps", "Value": "true" }, { "Name": "EnableAdminConsentRequests", "Value": "false" } ], "AdditionalProperties": { } } ], "authentication_method": [ { "authentication_method_feature_settings": [ { "ExcludeTargets": [ ], "Id": "Fido2", "State": "enabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.fido2AuthenticationMethodConfiguration", "isSelfServiceRegistrationAllowed": true, "isAttestationEnforced": true, "defaultPasskeyProfile": "00000000-0000-0000-0000-000000000001", "keyRestrictions": { "isEnforced": true, "enforcementType": "allow", "aaGuids": [ "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "73bb0cd4-e502-49b8-9c6f-b59445bf720b", "85203421-48f9-4355-9bc8-8a53846e5083" ] }, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Fido2')/microsoft.graph.fido2AuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "e426e4a9-2045-48fe-9949-774a999f7972", "isRegistrationRequired": false, "allowedPasskeyProfiles": [ "00000000-0000-0000-0000-000000000001" ] } ], "passkeyProfiles": [ { "id": "00000000-0000-0000-0000-000000000001", "name": "FIDO2 default profile", "passkeyTypes": "deviceBound", "isAttestationEnforced": true, "keyRestrictions": { "isEnforced": true, "enforcementType": "allow", "aaGuids": [ "c1f9a0bc-1dd2-404a-b27f-8e29047a43fd", "73bb0cd4-e502-49b8-9c6f-b59445bf720b", "85203421-48f9-4355-9bc8-8a53846e5083" ] } } ] } }, { "ExcludeTargets": [ ], "Id": "MicrosoftAuthenticator", "State": "enabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration", "isSoftwareOathEnabled": false, "featureSettings": { "companionAppAllowedState": { "state": "default", "includeTarget": { "targetType": "group", "id": "all_users" }, "excludeTarget": { "targetType": "group", "id": "00000000-0000-0000-0000-000000000000" } }, "numberMatchingRequiredState": { "state": "enabled", "includeTarget": { "targetType": "group", "id": "all_users" }, "excludeTarget": { "targetType": "group", "id": "00000000-0000-0000-0000-000000000000" } }, "displayAppInformationRequiredState": { "state": "enabled", "includeTarget": { "targetType": "group", "id": "all_users" }, "excludeTarget": { "targetType": "group", "id": "00000000-0000-0000-0000-000000000000" } }, "displayLocationInformationRequiredState": { "state": "enabled", "includeTarget": { "targetType": "group", "id": "all_users" }, "excludeTarget": { "targetType": "group", "id": "00000000-0000-0000-0000-000000000000" } } }, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('MicrosoftAuthenticator')/microsoft.graph.microsoftAuthenticatorAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false, "authenticationMode": "any" } ] } }, { "ExcludeTargets": [ ], "Id": "Sms", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.smsAuthenticationMethodConfiguration", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Sms')/microsoft.graph.smsAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "user", "id": "f1c7e52c-7305-4852-8cb9-040f5c88a0ff", "isRegistrationRequired": false, "isUsableForSignIn": true } ] } }, { "ExcludeTargets": [ ], "Id": "TemporaryAccessPass", "State": "enabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration", "defaultLifetimeInMinutes": 60, "defaultLength": 8, "minimumLifetimeInMinutes": 10, "maximumLifetimeInMinutes": 120, "isUsableOnce": true, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('TemporaryAccessPass')/microsoft.graph.temporaryAccessPassAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "HardwareOath", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.hardwareOathAuthenticationMethodConfiguration", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('HardwareOath')/microsoft.graph.hardwareOathAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "SoftwareOath", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.softwareOathAuthenticationMethodConfiguration", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('SoftwareOath')/microsoft.graph.softwareOathAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "Voice", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.voiceAuthenticationMethodConfiguration", "isOfficePhoneAllowed": false, "isCustomGreetingEnabled": false, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Voice')/microsoft.graph.voiceAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "Email", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.emailAuthenticationMethodConfiguration", "allowExternalIdToUseEmailOtp": "disabled", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('Email')/microsoft.graph.emailAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ ] } }, { "ExcludeTargets": [ ], "Id": "X509Certificate", "State": "enabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.x509CertificateAuthenticationMethodConfiguration", "certificateUserBindings": [ { "x509CertificateField": "PrincipalName", "userProperty": "certificateUserIds", "priority": 1, "trustAffinityLevel": "low" } ], "authenticationModeConfiguration": { "x509CertificateAuthenticationDefaultMode": "x509CertificateSingleFactor", "x509CertificateDefaultRequiredAffinityLevel": "low", "rules": { "x509CertificateRuleType": "policyOID", "identifier": "2.16.840.1.101.3.2.1.3.13", "x509CertificateAuthenticationMode": "x509CertificateMultiFactor", "x509CertificateRequiredAffinityLevel": "low", "policyOidIdentifier": "2.16.840.1.101.3.2.1.3.13" } }, "issuerHintsConfiguration": { "state": "disabled" }, "crlValidationConfiguration": { "state": "disabled", "exemptedCertificateAuthoritiesSubjectKeyIdentifiers": [ ] }, "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('X509Certificate')/microsoft.graph.x509CertificateAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "64720f66-b5cc-41ae-aec7-562f90038952", "isRegistrationRequired": false }, { "targetType": "group", "id": "bf430dde-a18a-476d-977b-81796b4ab2c0", "isRegistrationRequired": false } ] } }, { "ExcludeTargets": [ ], "Id": "FederatedIdentityCredential", "State": "disabled", "AdditionalProperties": { "@odata.type": "#microsoft.graph.federatedIdentityCredentialAuthenticationMethodConfiguration", "includeTargets@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('FederatedIdentityCredential')/microsoft.graph.federatedIdentityCredentialAuthenticationMethodConfiguration/includeTargets", "includeTargets": [ { "targetType": "group", "id": "all_users", "isRegistrationRequired": false, "allowedProfiles": [ ] } ], "profiles@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations('FederatedIdentityCredential')/microsoft.graph.federatedIdentityCredentialAuthenticationMethodConfiguration/profiles", "profiles": [ ] } } ], "authentication_method_policy": { "Description": "The tenant-wide policy that controls which authentication methods are allowed in the tenant, authentication method registration requirements, and self-service password reset settings", "DisplayName": "Authentication Methods Policy", "Id": "authenticationMethodsPolicy", "LastModifiedDateTime": "\/Date(1708376786872)\/", "MicrosoftAuthenticatorPlatformSettings": { "EnforceAppPin": { "ExcludeTargets": null, "IncludeTargets": null } }, "PolicyMigrationState": "preMigration", "PolicyVersion": "1.5", "ReconfirmationInDays": null, "RegistrationEnforcement": { "AuthenticationMethodsRegistrationCampaign": { "EnforceRegistrationAfterAllowedSnoozes": true, "ExcludeTargets": [ { "Id": "64720f66-b5cc-41ae-aec7-562f90038952", "TargetType": "group" }, { "Id": "6066af10-d921-4de6-9ae4-7f01057ec372", "TargetType": "user" }, { "Id": "2bfd4ad1-66be-4952-9d8e-d80f228660a0", "TargetType": "user" }, { "Id": "7a22bd70-341c-4903-a014-d8cfd5c1d75f", "TargetType": "user" } ], "IncludeTargets": [ { "Id": "all_users", "TargetType": "group", "TargetedAuthenticationMethod": "microsoftAuthenticator" } ], "SnoozeDurationInDays": 1, "State": "disabled" } }, "ReportSuspiciousActivitySettings": { "IncludeTarget": { "Id": "all_users", "TargetType": "group" }, "State": "default", "VoiceReportingCode": 0 }, "SystemCredentialPreferences": { "ExcludeTargets": [ ], "IncludeTargets": [ { "Id": "all_users", "TargetType": "group" } ], "State": "default" }, "AdditionalProperties": { "@odata.context": "https://graph.microsoft.com/beta/$metadata#authenticationMethodsPolicy", "authenticationMethodConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationMethodsPolicy/authenticationMethodConfigurations" } } } ], "domain_settings": { "AuthenticationType": "Managed", "AvailabilityStatus": null, "DomainNameReferences": null, "FederationConfiguration": null, "Id": "tqhjy.onmicrosoft.com", "IsAdminManaged": true, "IsDefault": true, "IsInitial": true, "IsRoot": true, "IsVerified": true, "PasswordNotificationWindowInDays": 14, "PasswordValidityPeriodInDays": 2147483647, "RootDomain": { "AuthenticationType": null, "AvailabilityStatus": null, "DomainNameReferences": null, "FederationConfiguration": null, "Id": null, "IsAdminManaged": null, "IsDefault": null, "IsInitial": null, "IsRoot": null, "IsVerified": null, "PasswordNotificationWindowInDays": null, "PasswordValidityPeriodInDays": null, "RootDomain": "Microsoft.Graph.Beta.PowerShell.Models.MicrosoftGraphDomain", "ServiceConfigurationRecords": null, "SharedEmailDomainInvitations": null, "State": "Microsoft.Graph.Beta.PowerShell.Models.MicrosoftGraphDomainState", "SupportedServices": null, "VerificationDnsRecords": null }, "ServiceConfigurationRecords": null, "SharedEmailDomainInvitations": null, "State": { "LastActionDateTime": null, "Operation": null, "Status": null }, "SupportedServices": [ "Email", "OfficeCommunicationsOnline" ], "VerificationDnsRecords": null, "AdditionalProperties": { } }, "license_information": [ { "SkuId": "eddf428b-da0e-4115-accf-b29eb0b83965", "SkuPartNumber": "CDS_DB_CAPACITY_GOV", "ConsumedUnits": 0, "PrepaidUnits": { "Enabled": 1, "LockedOut": 0, "Suspended": 1, "Warning": 0 } }, { "SkuId": "e2be619b-b125-455f-8660-fb503e431a5d", "SkuPartNumber": "M365_G5_GCC", "ConsumedUnits": 25, "PrepaidUnits": { "Enabled": 30, "LockedOut": 0, "Suspended": 0, "Warning": 0 } } ], "total_user_count": 103, "aad_successful_commands": [ "Get-MgBetaIdentityConditionalAccessPolicy", "Get-MgBetaSubscribedSku", "Get-PrivilegedUser", "Get-PrivilegedRole", "Get-MgBetaUserCount", "Get-MgBetaPolicyAuthorizationPolicy", "Get-MgBetaDirectorySetting", "Get-MgBetaPolicyAuthenticationMethodPolicy", "Get-MgBetaDomain" ], "aad_unsuccessful_commands": [ ], "protection_policy_rules": [ { "HostedContentFilterPolicy": "Strict Preset Security Policy1681329956650", "AntiPhishPolicy": "Strict Preset Security Policy1681329955447", "MalwareFilterPolicy": "Strict Preset Security Policy1681329957931", "State": "Enabled", "Priority": 0, "Comments": null, "Description": "If the message:\r\n\trecipients's address domain portion belongs to any of these domains: 'badpeople.r.us'\r\nTake the following actions:\r\n\tApply hosted content filter policy \"Strict Preset Security Policy1681329956650\"., Apply AntiPhish policy \"Strict Preset Security Policy1681329955447\"., Apply malware filter policy \"Strict Preset Security Policy1681329957931\".\r\n", "RuleVersion": { "Major": 15, "Minor": 0, "Build": 5, "Revision": 2, "MajorRevision": 0, "MinorRevision": 2 }, "SentTo": null, "SentToMemberOf": null, "RecipientDomainIs": [ "badpeople.r.us" ], "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfRecipientDomainIs": null, "Conditions": [ "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.RecipientDomainIsPredicate" ], "Exceptions": null, "Identity": "Strict Preset Security Policy", "DistinguishedName": "CN=Strict Preset Security Policy,CN=EOPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "9d0f5aee-cf8c-4239-9ec4-3560118c1b7e", "ImmutableId": "9d0f5aee-cf8c-4239-9ec4-3560118c1b7e", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Strict Preset Security Policy", "IsValid": true, "WhenChanged": "\/Date(1734516882000)\/", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" }, { "HostedContentFilterPolicy": "Standard Preset Security Policy1659535432883", "AntiPhishPolicy": "Standard Preset Security Policy1659535429826", "MalwareFilterPolicy": "Standard Preset Security Policy1659535435292", "State": "Enabled", "Priority": 1, "Comments": null, "Description": "Take the following actions:\r\n\tApply hosted content filter policy \"Standard Preset Security Policy1659535432883\"., Apply AntiPhish policy \"Standard Preset Security Policy1659535429826\"., Apply malware filter policy \"Standard Preset Security Policy1659535435292\".\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "SentTo": null, "SentToMemberOf": null, "RecipientDomainIs": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfRecipientDomainIs": null, "Conditions": null, "Exceptions": null, "Identity": "Standard Preset Security Policy", "DistinguishedName": "CN=Standard Preset Security Policy,CN=EOPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "83318c49-93e8-497b-8fd3-614b090e6103", "ImmutableId": "83318c49-93e8-497b-8fd3-614b090e6103", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Standard Preset Security Policy", "IsValid": true, "WhenChanged": "\/Date(1734516734000)\/", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" } ], "atp_policy_rules": [ { "SafeAttachmentPolicy": "Strict Preset Security Policy1681329958553", "SafeLinksPolicy": "Strict Preset Security Policy1681329959203", "State": "Enabled", "Priority": 0, "Comments": null, "Description": "If the message:\r\n\trecipients's address domain portion belongs to any of these domains: 'badpeople.r.us'\r\nTake the following actions:\r\n\tApply safe attachment policy \"Strict Preset Security Policy1681329958553\"., Apply safe links policy \"Strict Preset Security Policy1681329959203\".\r\n", "RuleVersion": { "Major": 15, "Minor": 0, "Build": 5, "Revision": 2, "MajorRevision": 0, "MinorRevision": 2 }, "SentTo": null, "SentToMemberOf": null, "RecipientDomainIs": [ "badpeople.r.us" ], "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfRecipientDomainIs": null, "Conditions": [ "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.RecipientDomainIsPredicate" ], "Exceptions": null, "Identity": "Strict Preset Security Policy", "DistinguishedName": "CN=Strict Preset Security Policy,CN=ATPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "92ea4876-f3bc-4f2f-9c6a-d4ad7bedc31e", "ImmutableId": "92ea4876-f3bc-4f2f-9c6a-d4ad7bedc31e", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Strict Preset Security Policy", "IsValid": true, "WhenChanged": "\/Date(1734517038000)\/", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" }, { "SafeAttachmentPolicy": "Standard Preset Security Policy1659535436109", "SafeLinksPolicy": "Standard Preset Security Policy1659535436756", "State": "Enabled", "Priority": 1, "Comments": null, "Description": "Take the following actions:\r\n\tApply safe attachment policy \"Standard Preset Security Policy1659535436109\"., Apply safe links policy \"Standard Preset Security Policy1659535436756\".\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "SentTo": null, "SentToMemberOf": null, "RecipientDomainIs": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfRecipientDomainIs": null, "Conditions": null, "Exceptions": null, "Identity": "Standard Preset Security Policy", "DistinguishedName": "CN=Standard Preset Security Policy,CN=ATPProtectionPolicyRuleVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "d6c7c877-13b8-4baf-a85c-bc1c008fa515", "ImmutableId": "d6c7c877-13b8-4baf-a85c-bc1c008fa515", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Standard Preset Security Policy", "IsValid": true, "WhenChanged": "\/Date(1734516962000)\/", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" } ], "dlp_compliance_policies": [ { "Mode": "Enable", "DisplayName": "Default Office 365 DLP policy", "Type": "Dlp", "ExchangeLocation": [ "All" ], "SharePointLocation": [ "All" ], "SharePointLocationException": [ ], "OneDriveLocation": [ "All" ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ "All" ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": { }, "PolicyCategory": "Unknown", "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-10-05T17:47:20.3689468Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner", "Priority": 1, "ObjectVersion": "4cc4d54b-1416-44a5-29bb-08dcceba0cf7", "CreatedBy": "", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "This policy detects the presence of credit card numbers in externally shared documents and emails. End users are notified of the detection with the suggestion to consider either removing the sensitive data or restricting the sharing.", "Enabled": true, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "\/Date(1725675765653)\/", "CreationTimeUtc": "\/Date(1614655720970)\/", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default Office 365 DLP policy", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default Office 365 DLP policy", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Default Office 365 DLP policy", "DistinguishedName": "CN=Default Office 365 DLP policy,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "\/Date(1725657765000)\/", "WhenCreated": "\/Date(1617646100000)\/", "WhenChangedUTC": "\/Date(1725657765000)\/", "WhenCreatedUTC": "\/Date(1617646100000)\/", "ExchangeObjectId": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", "OriginatingServer": "", "ObjectState": "Changed" }, { "Mode": "Disable", "DisplayName": "tqhjy DLP Policy for PII", "Type": "Dlp", "ExchangeLocation": [ "All" ], "SharePointLocation": [ "All" ], "SharePointLocationException": [ ], "OneDriveLocation": [ "All" ], "OneDriveLocationException": [ ], "ExchangeOnPremisesLocation": [ ], "SharePointOnPremisesLocation": [ ], "SharePointOnPremisesLocationException": [ ], "TeamsLocation": [ "All" ], "TeamsLocationException": [ ], "EndpointDlpLocation": [ ], "EndpointDlpLocationException": [ ], "ThirdPartyAppDlpLocation": [ ], "ThirdPartyAppDlpLocationException": [ ], "OnPremisesScannerDlpLocation": [ ], "OnPremisesScannerDlpLocationException": [ ], "PowerBIDlpLocation": [ ], "PowerBIDlpLocationException": [ ], "Locations": "", "LocationInclusions": [ ], "LocationExclusions": [ ], "EndpointDlpExtendedLocations": "", "ExchangeSender": [ ], "ExchangeSenderException": [ ], "PolicyTemplateInfo": { }, "PolicyCategory": "Unknown", "MatchedItemsCount": null, "TotalItemsCount": null, "TopNLocationStatistics": null, "WorkloadStatistics": null, "IsSimulationPolicy": false, "SimulationStatus": null, "AutoEnableAfter": null, "IsFromSmartInsights": null, "IsColdDataSimulationPolicy": false, "ExtendedProperties": null, "Summary": false, "OneDriveSharedBy": [ ], "ExceptIfOneDriveSharedBy": [ ], "OneDriveSharedByMemberOf": [ ], "ExceptIfOneDriveSharedByMemberOf": [ ], "ExchangeSenderMemberOf": [ ], "ExchangeSenderMemberOfException": [ ], "ExchangeAdaptiveScopes": null, "ExchangeAdaptiveScopesException": null, "SharePointAdaptiveScopes": null, "SharePointAdaptiveScopesException": null, "OneDriveAdaptiveScopes": null, "OneDriveAdaptiveScopesException": null, "TeamsAdaptiveScopes": null, "TeamsAdaptiveScopesException": null, "EndpointDlpAdaptiveScopes": null, "EndpointDlpAdaptiveScopesException": null, "ExpectedLocations": 0, "CompletedLocations": 0, "FailedLocations": 0, "ItemStatistics": null, "RuleMatchBlob": null, "ErrorMetadata": null, "UserAdministrativeUnitMembershipMap": null, "ForceValidate": false, "PolicyRulesMetaData": "{\"WhenRulesChangedUtc\":\"2023-06-14T14:36:08.0311995Z\"}", "ReusableComponentType": "Unknown", "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Priority": 2, "ObjectVersion": "2100d11a-6dd8-4e2a-4776-08dbcf0f5618", "CreatedBy": "d459e626-e311-4242-bb40-263313097103", "LastModifiedBy": "John Doe", "ReadOnly": false, "ExternalIdentity": "", "Comment": "", "Enabled": false, "DistributionStatus": "Pending", "DistributionSyncStatus": "Unknown", "DistributionResults": null, "LastStatusUpdateTime": null, "ModificationTimeUtc": "\/Date(1697564897897)\/", "CreationTimeUtc": "\/Date(1618336038880)\/", "PolicyRBACScopes": [ ], "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/tqhjy DLP Policy for PII", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/tqhjy DLP Policy for PII", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "tqhjy DLP Policy for PII", "DistinguishedName": "CN=tqhjy DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedPolicy" ], "WhenChanged": "\/Date(1697546897000)\/", "WhenCreated": "\/Date(1618318038000)\/", "WhenChangedUTC": "\/Date(1697546897000)\/", "WhenCreatedUTC": "\/Date(1618318038000)\/", "ExchangeObjectId": "b800d92f-a479-47a9-bcfa-306db665aaa1", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "Guid": "b800d92f-a479-47a9-bcfa-306db665aaa1", "OriginatingServer": "", "ObjectState": "Changed" } ], "dlp_compliance_rules": [ { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "a7739b6b-9831-467a-a355-3ba7aab938bc", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "Info_TypeITIN_Missing", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"BadInfoTypes\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. / U.K. Passport Number\",\r\n \"Id\": \"178ec42a-18b4-47cc-85c7-d62c92fd67f8\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Missing_ITIN_Has_UKPassports", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, "ContentContainsSensitiveInformation": null, "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "e95437f3-7b8b-4055-9383-2686e02de873" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "6c63bd2e-3caf-4817-bab8-1794c388b8c8", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Policy": "0362dd12-1c3e-484b-983a-3b600a6f9e2a", "Comment": "Sensitive info types required except ITIN. Has additional UK Passports instead.", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "d1826caf-850a-4c5a-c335-08dbfd7bb17b", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Missing_ITIN_Has_UKPassports", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Missing_ITIN_Has_UKPassports", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Missing_ITIN_Has_UKPassports", "DistinguishedName": "CN=Missing_ITIN_Has_UKPassports,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1702651190000)\/", "WhenCreated": "\/Date(1702651039000)\/", "WhenChangedUTC": "\/Date(1702651190000)\/", "WhenCreatedUTC": "\/Date(1702651039000)\/", "ExchangeObjectId": "a7739b6b-9831-467a-a355-3ba7aab938bc", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": null, "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": null, "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": null, "NotifyPolicyTipDisplayOption": null, "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "b01a6475-0529-411d-8d00-53cb06de1804", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "Defender Baseline Testing Policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"Default\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"Id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Default", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, "ContentContainsSensitiveInformation": null, "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "5090ec10-3b5b-464b-b789-4e65bc6b5e3e", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Policy": "8038a28b-7b5c-42a8-a852-4bb68707afec", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "3b836b63-457d-441d-dd73-08dbc5db81c6", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Default", "DistinguishedName": "CN=Default,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1696535076000)\/", "WhenCreated": "\/Date(1696535076000)\/", "WhenChangedUTC": "\/Date(1696535076000)\/", "WhenCreatedUTC": "\/Date(1696535076000)\/", "ExchangeObjectId": "b01a6475-0529-411d-8d00-53cb06de1804", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "74f600e2-dccc-4d6f-a748-7bff5ed5da69", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "Default Office 365 DLP policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Social Security Number (SSN)\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Baseline Rule", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, "ContentContainsSensitiveInformation": [ { "maxconfidence": "100", "confidencelevel": "Medium", "id": "e55e2a32-f92d-4985-a35d-a0b269eb687b", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Individual Taxpayer Identification Number (ITIN)", "mincount": "1", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "High", "id": "50842eb7-edc8-4019-85dd-5a5c1f2bb085", "minconfidence": "85", "classifiertype": "Content", "name": "Credit Card Number", "mincount": "1", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "a44669fe-0d48-453d-a9b1-2cc83f2cba77", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Social Security Number (SSN)", "mincount": "1", "maxcount": "-1" } ], "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "b314399f-5d64-4c49-98c3-06deb1be2b6f" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "2e3f0308-5340-46ac-9f8d-d54f208a8024", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, OnPremisesScanner", "Policy": "8cb4f574-1a54-45e1-bf58-73bbe023ebad", "Comment": "Blocks the minimum items prescribed in the baseline: credit card numbers, TIN numbers, and SSN numbers.", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "f0bf389d-c2df-49af-e933-08dbc5cb3521", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Baseline Rule", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Baseline Rule", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Baseline Rule", "DistinguishedName": "CN=Baseline Rule,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1696528076000)\/", "WhenCreated": "\/Date(1651250001000)\/", "WhenChangedUTC": "\/Date(1696528076000)\/", "WhenCreatedUTC": "\/Date(1651250001000)\/", "ExchangeObjectId": "74f600e2-dccc-4d6f-a748-7bff5ed5da69", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": false, "BlockAccessScope": null, "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": null, "GenerateAlert": [ ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "SiteAdmin", "LastModifier", "Owner" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "f2e78982-66b6-488a-a43a-e921800f6304", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "tqhjy DLP Policy for PII", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"AccessScope\",\r\n \"Value\": \"NotInOrganization\"\r\n },\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"a2ce32a8-f935-4bb6-8e96-2a5157672e2c\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Bank Account Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"cb353f78-2b72-4c3c-8827-92ebe4f69fdf\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"ABA Routing Number\",\r\n \"maxcount\": \"9\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"1\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Low volume of content detected tqhjy DLP Policy for PII", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, "ContentContainsSensitiveInformation": [ { "maxconfidence": "100", "confidencelevel": "High", "id": "50842eb7-edc8-4019-85dd-5a5c1f2bb085", "minconfidence": "85", "classifiertype": "Content", "name": "Credit Card Number", "mincount": "1", "maxcount": "9" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "a2ce32a8-f935-4bb6-8e96-2a5157672e2c", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Bank Account Number", "mincount": "1", "maxcount": "9" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf", "minconfidence": "75", "classifiertype": "Content", "name": "ABA Routing Number", "mincount": "1", "maxcount": "9" } ], "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": "NotInOrganization", "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "3dc18322-891b-436e-8240-755f95fef33c", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Policy": "b800d92f-a479-47a9-bcfa-306db665aaa1", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "f6f7ec90-c0aa-4ae4-e784-08dafa37f4cf", "MaximumBlobRuleLength": 0, "CreatedBy": "d459e626-e311-4242-bb40-263313097103", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Low volume of content detected tqhjy DLP Policy for PII", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Low volume of content detected tqhjy DLP Policy for PII", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Low volume of content detected tqhjy DLP Policy for PII", "DistinguishedName": "CN=Low volume of content detected tqhjy DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1674144746000)\/", "WhenCreated": "\/Date(1618318043000)\/", "WhenChangedUTC": "\/Date(1674144746000)\/", "WhenCreatedUTC": "\/Date(1618318043000)\/", "ExchangeObjectId": "f2e78982-66b6-488a-a43a-e921800f6304", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": false, "BlockAccessScope": null, "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": null, "GenerateAlert": [ ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier", "SiteAdmin", "Owner" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "8c40d462-f7c0-434d-bd37-d35c083c297a", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "tqhjy DLP Policy for PII", "ReportSeverityLevel": "High", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"AccessScope\",\r\n \"Value\": \"NotInOrganization\"\r\n },\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"Credit Card Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"85\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"High\"\r\n },\r\n {\r\n \"id\": \"a2ce32a8-f935-4bb6-8e96-2a5157672e2c\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"U.S. Bank Account Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"Medium\"\r\n },\r\n {\r\n \"id\": \"cb353f78-2b72-4c3c-8827-92ebe4f69fdf\",\r\n \"maxconfidence\": \"100\",\r\n \"name\": \"ABA Routing Number\",\r\n \"maxcount\": \"-1\",\r\n \"minconfidence\": \"75\",\r\n \"classifiertype\": \"Content\",\r\n \"mincount\": \"10\",\r\n \"confidencelevel\": \"Medium\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "High volume of content detected tqhjy DLP Policy for PII", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": false, "ContentContainsSensitiveInformation": [ { "maxconfidence": "100", "confidencelevel": "High", "id": "50842eb7-edc8-4019-85dd-5a5c1f2bb085", "minconfidence": "85", "classifiertype": "Content", "name": "Credit Card Number", "mincount": "10", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "a2ce32a8-f935-4bb6-8e96-2a5157672e2c", "minconfidence": "75", "classifiertype": "Content", "name": "U.S. Bank Account Number", "mincount": "10", "maxcount": "-1" }, { "maxconfidence": "100", "confidencelevel": "Medium", "id": "cb353f78-2b72-4c3c-8827-92ebe4f69fdf", "minconfidence": "75", "classifiertype": "Content", "name": "ABA Routing Number", "mincount": "10", "maxcount": "-1" } ], "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": "NotInOrganization", "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "b933b4dd-4152-4d9a-b4b5-0376f8b57d6d", "Priority": 1, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams", "Policy": "b800d92f-a479-47a9-bcfa-306db665aaa1", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "daf9a24d-19dd-4978-51b9-08dafa37f6c9", "MaximumBlobRuleLength": 0, "CreatedBy": "d459e626-e311-4242-bb40-263313097103", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/High volume of content detected tqhjy DLP Policy for PII", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/High volume of content detected tqhjy DLP Policy for PII", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "High volume of content detected tqhjy DLP Policy for PII", "DistinguishedName": "CN=High volume of content detected tqhjy DLP Policy for PII,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1674144749000)\/", "WhenCreated": "\/Date(1618318041000)\/", "WhenChangedUTC": "\/Date(1674144749000)\/", "WhenCreatedUTC": "\/Date(1618318041000)\/", "ExchangeObjectId": "8c40d462-f7c0-434d-bd37-d35c083c297a", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false }, { "SubjectContainsWords": [ ], "ExceptIfSubjectContainsWords": [ ], "SubjectOrBodyMatchesPatterns": [ ], "ExceptIfSubjectOrBodyMatchesPatterns": [ ], "SubjectOrBodyContainsWords": [ ], "ExceptIfSubjectOrBodyContainsWords": [ ], "DocumentMatchesPatterns": [ ], "ExceptIfDocumentMatchesPatterns": [ ], "DocumentContainsWords": [ ], "ExceptIfDocumentContainsWords": [ ], "SenderADAttributeMatchesPatterns": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "SenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeContainsWords": null, "ContentCharacterSetContainsWords": [ ], "ExceptIfContentCharacterSetContainsWords": [ ], "DocumentNameMatchesPatterns": [ ], "ExceptIfDocumentNameMatchesPatterns": [ ], "MessageSizeOver": "", "ExceptIfMessageSizeOver": "", "AttachmentCountOver": null, "MessageTypeMatches": null, "ExceptIfMessageTypeMatches": null, "UnscannableDocumentExtensionIs": [ ], "ExceptIfUnscannableDocumentExtensionIs": [ ], "HeaderContainsWords": null, "ExceptIfHeaderContainsWords": null, "HeaderContainsTokens": null, "ExceptIfHeaderContainsTokens": null, "DeviceManagementType": null, "ExceptIfDeviceManagementType": null, "AccessedBy": [ ], "ExceptIfAccessedBy": [ ], "AccessedByMemberOf": [ ], "ExceptIfAccessedByMemberOf": [ ], "BlockAccess": true, "BlockAccessScope": "All", "EncryptRMSTemplate": null, "EnforcePortalAccess": true, "ApplyBrandingTemplate": "", "RemoveRMSTemplate": false, "EndpointDlpRestrictions": null, "EndpointDlpBrowserRestrictions": null, "ThirdPartyAppDlpRestrictions": null, "OnPremisesScannerDlpRestrictions": null, "PowerBIDlpRestrictions": null, "AlertProperties": { "AggregationType": "None" }, "GenerateAlert": [ "true" ], "GenerateIncidentReport": [ ], "IncidentReportContent": null, "NotifyUser": [ "LastModifier" ], "NotifyAllowOverride": null, "NotifyEmailCustomText": "", "NotifyEmailCustomSubject": "", "NotifyEmailCustomSenderDisplayName": "", "NotifyEmailExchangeIncludeAttachment": true, "NotifyEmailOnedriveRemediationActions": "NotSet", "NotifyJustificationCustomText": "", "NotifyJustificationCustomTextTranslations": [ ], "NotifyPolicyTipCustomText": "", "NotifyUserType": "NotSet", "NotifyPolicyTipCustomTextTranslations": [ ], "NotifyOverrideRequirements": "None", "NotifyPolicyTipDisplayOption": "Tip", "NotifyPolicyTipUrl": "", "NotifyPolicyTipCustomDialog": "", "NotifyEndpointUser": null, "RemoveHeader": [ ], "AccessTimeControl": null, "StopPolicyProcessing": false, "SetHeader": null, "AddRecipients": null, "Moderate": null, "ModifySubject": null, "MapRecipients": null, "RedirectMessageTo": null, "PrependSubject": "", "ApplyHtmlDisclaimer": null, "Quarantine": false, "TriggerPowerAutomateFlow": "", "RestrictAccess": null, "MipRestrictAccess": null, "SourceType": "", "Guid": "6198a220-b7ac-4308-aeb4-fd520a263121", "AdvancedRuleBuilderContext": null, "ParentPolicyName": "New DLP sensitive types policy", "ReportSeverityLevel": "Low", "ActivationDate": null, "ExpiryDate": null, "SenderType": null, "SenderAddressLocation": null, "AdvancedRule": "{\r\n \"Version\": \"1.0\",\r\n \"Condition\": {\r\n \"Operator\": \"And\",\r\n \"SubConditions\": [\r\n {\r\n \"ConditionName\": \"ContentContainsSensitiveInformation\",\r\n \"Value\": [\r\n {\r\n \"Groups\": [\r\n {\r\n \"Name\": \"Default\",\r\n \"Operator\": \"Or\",\r\n \"Sensitivetypes\": [\r\n {\r\n \"Name\": \"U.S. Social Security Number (SSN)\",\r\n \"Id\": \"a44669fe-0d48-453d-a9b1-2cc83f2cba77\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"U.S. Individual Taxpayer Identification Number (ITIN)\",\r\n \"Id\": \"e55e2a32-f92d-4985-a35d-a0b269eb687b\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"Medium\",\r\n \"Minconfidence\": 75,\r\n \"Maxconfidence\": 100\r\n },\r\n {\r\n \"Name\": \"Credit Card Number\",\r\n \"Id\": \"50842eb7-edc8-4019-85dd-5a5c1f2bb085\",\r\n \"Mincount\": 1,\r\n \"Maxcount\": -1,\r\n \"Confidencelevel\": \"High\",\r\n \"Minconfidence\": 85,\r\n \"Maxconfidence\": 100\r\n }\r\n ]\r\n }\r\n ],\r\n \"Operator\": \"And\"\r\n }\r\n ]\r\n }\r\n ]\r\n }\r\n}", "ExecutionRuleGuids": null, "DisplayName": "Restrict sensitive info types", "StorageBindings": null, "EvaluateRulePerComponent": false, "IsAdvancedRule": true, "ContentContainsSensitiveInformation": null, "ExceptIfContentContainsSensitiveInformation": null, "ContentMissingSensitivityLabel": null, "ContentIsNotLabeled": false, "AttachmentIsNotLabeled": false, "MessageIsNotLabeled": false, "DocumentCreatedBy": [ ], "ExceptIfDocumentCreatedBy": [ ], "DocumentSizeOver": "", "ExceptIfDocumentSizeOver": "", "DocumentNameMatchesWords": [ ], "ExceptIfDocumentNameMatchesWords": [ ], "AccessScope": null, "NonBifurcatingAccessScope": null, "ExceptIfAccessScope": null, "FromScope": null, "ExceptIfFromScope": null, "WithImportance": null, "ExceptIfWithImportance": null, "ExternalScenarioDependancies": { "ProtectionAlertId": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6" }, "ContentPropertyContainsWords": [ ], "ExceptIfContentPropertyContainsWords": [ ], "From": null, "ExceptIfFrom": null, "FromMemberOf": null, "ExceptIfFromMemberOf": null, "DocumentIsUnsupported": false, "ExceptIfDocumentIsUnsupported": false, "HasSenderOverride": false, "ExceptIfHasSenderOverride": false, "RestrictBrowserAccess": false, "ProcessingLimitExceeded": false, "ExceptIfProcessingLimitExceeded": false, "SentTo": [ ], "ExceptIfSentTo": [ ], "RecipientDomainIs": [ ], "ExceptIfRecipientDomainIs": [ ], "DocumentIsPasswordProtected": false, "ExceptIfDocumentIsPasswordProtected": false, "SenderIPRanges": [ ], "ExceptIfSenderIPRanges": [ ], "ContentExtensionMatchesWords": [ ], "ExceptIfContentExtensionMatchesWords": [ ], "ContentFileTypeMatches": [ ], "ExceptIfContentFileTypeMatches": [ ], "HeaderMatchesPatterns": null, "ExceptIfHeaderMatchesPatterns": null, "SubjectMatchesPatterns": [ ], "ExceptIfSubjectMatchesPatterns": [ ], "AnyOfRecipientAddressContainsWords": [ ], "ExceptIfAnyOfRecipientAddressContainsWords": [ ], "AnyOfRecipientAddressMatchesPatterns": [ ], "ExceptIfAnyOfRecipientAddressMatchesPatterns": [ ], "FromAddressMatchesPatterns": [ ], "ExceptIfFromAddressMatchesPatterns": [ ], "FromAddressContainsWords": [ ], "ExceptIfFromAddressContainsWords": [ ], "SenderDomainIs": [ ], "ExceptIfSenderDomainIs": [ ], "SentToMemberOf": null, "ExceptIfSentToMemberOf": null, "DocumentCreatedByMemberOf": null, "ExceptIfDocumentCreatedByMemberOf": null, "HasLabelDowngradedFrom": [ ], "ContentIsShared": false, "ExceptIfContentIsShared": false, "SharedByIRMUserRisk": [ ], "MessageLabelChangeDetected": null, "ExceptIfMessageLabelChangeDetected": null, "RuleErrorAction": null, "RuleXml": "", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "af0870b6-6d6d-4bed-95e5-60529f32f325", "Priority": 0, "Workload": "Exchange, SharePoint, OneDriveForBusiness, Teams, EndpointDevices", "Policy": "d91d3f1f-9a8f-4074-a754-a21afdcf5a77", "Comment": "New baseline rule to restrict access to sensitive data types", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "000b9c42-97fe-4529-30e1-08dbcf31cf97", "MaximumBlobRuleLength": 0, "CreatedBy": "John Doe", "LastModifiedBy": "John Doe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Restrict sensitive info types", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/Restrict sensitive info types", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Restrict sensitive info types", "DistinguishedName": "CN=Restrict sensitive info types,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1697561704000)\/", "WhenCreated": "\/Date(1696535522000)\/", "WhenChangedUTC": "\/Date(1697561704000)\/", "WhenCreatedUTC": "\/Date(1696535522000)\/", "ExchangeObjectId": "6198a220-b7ac-4308-aeb4-fd520a263121", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "Changed", "IsObjectUnderSystemOperation": false, "IsSummarizedPsRule": false } ], "anti_phish_policies": [ { "Enabled": true, "ImpersonationProtectionState": "Manual", "EnableTargetedUserProtection": true, "EnableMailboxIntelligenceProtection": true, "EnableTargetedDomainsProtection": true, "EnableOrganizationDomainsProtection": true, "EnableMailboxIntelligence": true, "EnableFirstContactSafetyTips": true, "EnableSimilarUsersSafetyTips": true, "EnableSimilarDomainsSafetyTips": true, "EnableUnusualCharactersSafetyTips": true, "TargetedUserProtectionAction": "Quarantine", "TargetedUserQuarantineTag": "DefaultFullAccessPolicy", "MailboxIntelligenceProtectionAction": "Quarantine", "MailboxIntelligenceQuarantineTag": "DefaultFullAccessPolicy", "TargetedDomainProtectionAction": "Quarantine", "TargetedDomainQuarantineTag": "DefaultFullAccessPolicy", "AuthenticationFailAction": "Quarantine", "SpoofQuarantineTag": "DefaultFullAccessPolicy", "EnableSpoofIntelligence": true, "EnableViaTag": true, "EnableUnauthenticatedSender": true, "EnableSuspiciousSafetyTip": false, "HonorDmarcPolicy": true, "DmarcRejectAction": "Reject", "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 2, "TargetedUsersToProtect": [ "John Doe; johndoe@example.com" ], "TargetedUserActionRecipients": [ ], "MailboxIntelligenceProtectionActionRecipients": [ ], "TargetedDomainsToProtect": [ "tqhjy.mail.onmicrosoft.com" ], "TargetedDomainActionRecipients": [ ], "ExcludedDomains": [ ], "ExcludedSenders": [ ], "ExcludedSubDomains": [ ], "IsDefault": true, "AdminDisplayName": "", "PolicyTag": "", "RecommendedPolicyType": "Custom", "Identity": "Office365 AntiPhish Default", "Id": "Office365 AntiPhish Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Office365 AntiPhish Default", "DistinguishedName": "CN=Office365 AntiPhish Default,CN=AntiPhish,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "\/Date(1723812853000)\/", "WhenCreated": "\/Date(1619484591000)\/", "WhenChangedUTC": "\/Date(1723812853000)\/", "WhenCreatedUTC": "\/Date(1619484591000)\/", "ExchangeObjectId": "84178a51-0850-4bd4-873c-b8eea28e304c", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "1c36a79e-281c-41ac-adf0-441a9ef992c3", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" }, { "Enabled": true, "ImpersonationProtectionState": "Automatic", "EnableTargetedUserProtection": true, "EnableMailboxIntelligenceProtection": true, "EnableTargetedDomainsProtection": true, "EnableOrganizationDomainsProtection": true, "EnableMailboxIntelligence": true, "EnableFirstContactSafetyTips": true, "EnableSimilarUsersSafetyTips": true, "EnableSimilarDomainsSafetyTips": true, "EnableUnusualCharactersSafetyTips": true, "TargetedUserProtectionAction": "Quarantine", "TargetedUserQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "MailboxIntelligenceProtectionAction": "Quarantine", "MailboxIntelligenceQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "TargetedDomainProtectionAction": "Quarantine", "TargetedDomainQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "AuthenticationFailAction": "Quarantine", "SpoofQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "EnableSpoofIntelligence": true, "EnableViaTag": true, "EnableUnauthenticatedSender": true, "EnableSuspiciousSafetyTip": true, "HonorDmarcPolicy": true, "DmarcRejectAction": "Reject", "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 4, "TargetedUsersToProtect": [ ], "TargetedUserActionRecipients": [ ], "MailboxIntelligenceProtectionActionRecipients": [ ], "TargetedDomainsToProtect": [ "goodparnter.com" ], "TargetedDomainActionRecipients": [ ], "ExcludedDomains": [ ], "ExcludedSenders": [ "johndoe@example.com" ], "ExcludedSubDomains": [ ], "IsDefault": false, "AdminDisplayName": "", "PolicyTag": "", "RecommendedPolicyType": "Strict", "Identity": "Strict Preset Security Policy1681329955447", "Id": "Strict Preset Security Policy1681329955447", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Strict Preset Security Policy1681329955447", "DistinguishedName": "CN=Strict Preset Security Policy1681329955447,CN=AntiPhish,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "\/Date(1734517409000)\/", "WhenCreated": "\/Date(1681329956000)\/", "WhenChangedUTC": "\/Date(1734517409000)\/", "WhenCreatedUTC": "\/Date(1681329956000)\/", "ExchangeObjectId": "dd855979-da0e-4109-b218-cebf593d1771", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "dd855979-da0e-4109-b218-cebf593d1771", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" }, { "Enabled": true, "ImpersonationProtectionState": "Automatic", "EnableTargetedUserProtection": true, "EnableMailboxIntelligenceProtection": true, "EnableTargetedDomainsProtection": true, "EnableOrganizationDomainsProtection": true, "EnableMailboxIntelligence": true, "EnableFirstContactSafetyTips": true, "EnableSimilarUsersSafetyTips": true, "EnableSimilarDomainsSafetyTips": true, "EnableUnusualCharactersSafetyTips": true, "TargetedUserProtectionAction": "Quarantine", "TargetedUserQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "MailboxIntelligenceProtectionAction": "MoveToJmf", "MailboxIntelligenceQuarantineTag": "DefaultFullAccessPolicy", "TargetedDomainProtectionAction": "Quarantine", "TargetedDomainQuarantineTag": "DefaultFullAccessWithNotificationPolicy", "AuthenticationFailAction": "MoveToJmf", "SpoofQuarantineTag": "DefaultFullAccessPolicy", "EnableSpoofIntelligence": true, "EnableViaTag": true, "EnableUnauthenticatedSender": true, "EnableSuspiciousSafetyTip": false, "HonorDmarcPolicy": true, "DmarcRejectAction": "Reject", "DmarcQuarantineAction": "Quarantine", "PhishThresholdLevel": 3, "TargetedUsersToProtect": [ ], "TargetedUserActionRecipients": [ ], "MailboxIntelligenceProtectionActionRecipients": [ ], "TargetedDomainsToProtect": [ "goodparnter.com" ], "TargetedDomainActionRecipients": [ ], "ExcludedDomains": [ ], "ExcludedSenders": [ ], "ExcludedSubDomains": [ ], "IsDefault": false, "AdminDisplayName": "", "PolicyTag": "", "RecommendedPolicyType": "Standard", "Identity": "Standard Preset Security Policy1659535429826", "Id": "Standard Preset Security Policy1659535429826", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Standard Preset Security Policy1659535429826", "DistinguishedName": "CN=Standard Preset Security Policy1659535429826,CN=AntiPhish,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "\/Date(1734517409000)\/", "WhenCreated": "\/Date(1659535432000)\/", "WhenChangedUTC": "\/Date(1734517409000)\/", "WhenCreatedUTC": "\/Date(1659535432000)\/", "ExchangeObjectId": "c039f211-68f7-43e8-822f-91c1e0e018f7", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "c039f211-68f7-43e8-822f-91c1e0e018f7", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "protection_alerts": [ { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Enable", "DlpRuleId": "2e3f0308-5340-46ac-9f8d-d54f208a8024" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "b314399f-5d64-4c49-98c3-06deb1be2b6f", "Priority": 0, "Workload": "AuditAlerting", "Policy": "3b7a951e-cfb8-4c75-ae74-f93079e0f31a", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "45ac88f0-7198-4ed9-7f99-08dcceba0c89", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "b314399f-5d64-4c49-98c3-06deb1be2b6f", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Baseline Rule", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Baseline Rule", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Baseline Rule", "DistinguishedName": "CN=DLP-Baseline Rule,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1725657765000)\/", "WhenCreated": "\/Date(1651249999000)\/", "WhenChangedUTC": "\/Date(1725657765000)\/", "WhenCreatedUTC": "\/Date(1651249999000)\/", "ExchangeObjectId": "b314399f-5d64-4c49-98c3-06deb1be2b6f", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Disable", "DlpRuleId": "6c63bd2e-3caf-4817-bab8-1794c388b8c8" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "e95437f3-7b8b-4055-9383-2686e02de873", "Priority": 0, "Workload": "AuditAlerting", "Policy": "56610fdb-910b-4b3f-b971-6695377c6a0c", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "f1bdcd22-6090-46ee-31eb-08dc5b00e60b", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "e95437f3-7b8b-4055-9383-2686e02de873", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Missing_ITIN_Has_UKPassports", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Missing_ITIN_Has_UKPassports", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Missing_ITIN_Has_UKPassports", "DistinguishedName": "CN=DLP-Missing_ITIN_Has_UKPassports,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1712933859000)\/", "WhenCreated": "\/Date(1702651035000)\/", "WhenChangedUTC": "\/Date(1712933859000)\/", "WhenCreatedUTC": "\/Date(1702651035000)\/", "ExchangeObjectId": "e95437f3-7b8b-4055-9383-2686e02de873", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Disable", "EndpointDlpRestrictiveOperations": "FileUploadedToCloud,FileCopiedToClipboard,FileCopiedToRemovableMedia,FileCopiedToNetworkShare,FileAccessedByUnallowedApp,FilePrinted", "DlpRuleId": "07fef34e-65b6-459f-a460-ec6d1ac8edb0" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "96e8531f-40be-418f-8c4f-341009daf3bb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "18f8c433-451d-4618-9e66-064a666d098a", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "36ba8930-6dea-4556-2acc-08dc5b00ab9a", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "96e8531f-40be-418f-8c4f-341009daf3bb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Are escaped rule names a problem", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Are escaped rule names a problem", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Are escaped rule names a problem", "DistinguishedName": "CN=DLP-Are escaped rule names a problem,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1712933761000)\/", "WhenCreated": "\/Date(1711133310000)\/", "WhenChangedUTC": "\/Date(1712933761000)\/", "WhenCreatedUTC": "\/Date(1711133310000)\/", "ExchangeObjectId": "96e8531f-40be-418f-8c4f-341009daf3bb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleId": "5090ec10-3b5b-464b-b789-4e65bc6b5e3e" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "103a453b-e796-452b-b929-d7afdda9b29e", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "c0b8d300-ed1a-43f4-2dff-08dbc5db80ab", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Default", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Default", "DistinguishedName": "CN=DLP-Default,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1696535075000)\/", "WhenCreated": "\/Date(1696535075000)\/", "WhenChangedUTC": "\/Date(1696535075000)\/", "WhenCreatedUTC": "\/Date(1696535075000)\/", "ExchangeObjectId": "7d53937e-b4f5-45d0-9bd8-7ea0305553bb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleId": "8328f2c9-860e-4bbd-9f5c-1ef615a64947" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "48c87377-6fdd-45d7-91a6-bbbebd3d99f8", "Priority": 0, "Workload": "AuditAlerting", "Policy": "2e29a8b0-df60-4ddf-9de3-f716e9d8633e", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "a7964802-5249-449c-2b40-08dbd1737aad", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "48c87377-6fdd-45d7-91a6-bbbebd3d99f8", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-PII-temp", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-PII-temp", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-PII-temp", "DistinguishedName": "CN=DLP-PII-temp,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1697809811000)\/", "WhenCreated": "\/Date(1697725863000)\/", "WhenChangedUTC": "\/Date(1697809811000)\/", "WhenCreatedUTC": "\/Date(1697725863000)\/", "ExchangeObjectId": "48c87377-6fdd-45d7-91a6-bbbebd3d99f8", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Disable", "DlpRuleId": "af0870b6-6d6d-4bed-95e5-60529f32f325" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6", "Priority": 0, "Workload": "AuditAlerting", "Policy": "9b8c3d58-e563-4eff-80d9-19088b4ad717", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "ebf0c03b-4d8c-43ba-28aa-08dc76747b41", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Restrict sensitive info types", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-Restrict sensitive info types", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-Restrict sensitive info types", "DistinguishedName": "CN=DLP-Restrict sensitive info types,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1715952186000)\/", "WhenCreated": "\/Date(1696535520000)\/", "WhenChangedUTC": "\/Date(1715952186000)\/", "WhenCreatedUTC": "\/Date(1696535520000)\/", "ExchangeObjectId": "44b57ad0-aaf5-4cf5-ab12-db2ff27ea8b6", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "DlpRuleGenerateAlertMatch" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": { "DlpRuleMode": "Disable", "EndpointDlpRestrictiveOperations": "FileUploadedToCloud,FileCopiedToClipboard,FileCopiedToRemovableMedia,FileCopiedToNetworkShare,FileAccessedByUnallowedApp,FilePrinted", "DlpRuleId": "37de612f-186b-4069-918f-b4c6f90037a8" }, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "DataLossPrevention", "IsSystemRule": false, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d46f69a5-6277-49fc-ad26-e0b701c034d0", "Priority": 0, "Workload": "AuditAlerting", "Policy": "e7e89169-b24e-4e43-8d5c-6b5ebf236245", "Comment": "", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "2c2a1a4c-4b60-40b3-319a-08dc5b00c885", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d46f69a5-6277-49fc-ad26-e0b701c034d0", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-CreditCardsOnly", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration/DLP-CreditCardsOnly", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "DLP-CreditCardsOnly", "DistinguishedName": "CN=DLP-CreditCardsOnly,CN=Configuration,CN=tqhjy.onmicrosoft.com,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1712933810000)\/", "WhenCreated": "\/Date(1702651340000)\/", "WhenChangedUTC": "\/Date(1712933810000)\/", "WhenCreatedUTC": "\/Date(1702651340000)\/", "ExchangeObjectId": "d46f69a5-6277-49fc-ad26-e0b701c034d0", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "MipAutoLabelSimulationCompletion" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "dac59cbc-1d3b-4f5e-91e0-02d780c53915", "Priority": 0, "Workload": "AuditAlerting", "Policy": "dac59cbc-1d3b-4f5e-91e0-02d780c53915", "Comment": "AutoLabel policy simulation has been completed. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "38ef539d-4bbc-403b-ba71-08d8e31643f7", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "dac59cbc-1d3b-4f5e-91e0-02d780c53915", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/MIP AutoLabel simulation completed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/MIP AutoLabel simulation completed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "MIP AutoLabel simulation completed", "DistinguishedName": "CN=MIP AutoLabel simulation completed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1615306404000)\/", "WhenCreated": "\/Date(1615306404000)\/", "WhenChangedUTC": "\/Date(1615306404000)\/", "WhenCreatedUTC": "\/Date(1615306404000)\/", "ExchangeObjectId": "dac59cbc-1d3b-4f5e-91e0-02d780c53915", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "-not (Activity.User.Tags -like 'hve')", "Operation": [ "CompromisedWarningAccount" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1720043833050)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "be215649-fba8-4339-9ddd-05991a43b948", "Priority": 0, "Workload": "AuditAlerting", "Policy": "105a3254-0eca-4a3d-8686-a66115a99235", "Comment": "User has been detected as sending suspicious messages outside the organization and will be restricted if this activity continues. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "6ab41379-a75a-4432-6909-08d7b68de580", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "be215649-fba8-4339-9ddd-05991a43b948", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious email sending patterns detected", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious email sending patterns detected", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Suspicious email sending patterns detected", "DistinguishedName": "CN=Suspicious email sending patterns detected,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1582262485000)\/", "WhenCreated": "\/Date(1556224605000)\/", "WhenChangedUTC": "\/Date(1582262485000)\/", "WhenCreatedUTC": "\/Date(1556224605000)\/", "ExchangeObjectId": "be215649-fba8-4339-9ddd-05991a43b948", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPSuccessful -eq 1) -and (Mail.IsGenericZapped -eq 1) -and (Mail.TenantPolicyFinalVerdictSource -ne 'PhishEdu') -and (Mail.TenantPolicyFinalVerdictSource -ne 'SecOps') -and (Mail.TenantPolicyFinalVerdictSource -ne 'ThirdPartyFiltering')", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "b8f6b088-5487-4c70-037c-08d8d71a43fe", "Priority": 0, "Workload": "AuditAlerting", "Policy": "a1f563cc-fb1f-466b-1fb5-08d8d71a3050", "Comment": "Malicious emails were delivered and later removed -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9f756b13-a826-4e49-bb3e-08da1c767a9f", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "b8f6b088-5487-4c70-037c-08d8d71a43fe", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "DistinguishedName": "CN=Email messages removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1649762441000)\/", "WhenCreated": "\/Date(1620114418000)\/", "WhenChangedUTC": "\/Date(1649762441000)\/", "WhenCreatedUTC": "\/Date(1620114418000)\/", "ExchangeObjectId": "b8f6b088-5487-4c70-037c-08d8d71a43fe", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPSuccessful -eq 1) -and Mail.IsCampaignZapped -eq 1 -and (Mail.TenantPolicyFinalVerdictSource -ne 'PhishEdu') -and (Mail.TenantPolicyFinalVerdictSource -ne 'SecOps') -and (Mail.TenantPolicyFinalVerdictSource -ne 'ThirdPartyFiltering')", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "c8522cbb-9368-4e25-4ee9-08d8d899dfab", "Priority": 0, "Workload": "AuditAlerting", "Policy": "ef850570-5624-42b2-ff0a-08d8d899d578", "Comment": "Emails messages from a campaign were delivered and later removed -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "be3e023e-6cff-4e27-926d-08da1c767be1", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "c8522cbb-9368-4e25-4ee9-08d8d899dfab", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages from a campaign removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages from a campaign removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages from a campaign removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "DistinguishedName": "CN=Email messages from a campaign removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1649762443000)\/", "WhenCreated": "\/Date(1620114417000)\/", "WhenChangedUTC": "\/Date(1649762443000)\/", "WhenCreatedUTC": "\/Date(1620114417000)\/", "ExchangeObjectId": "c8522cbb-9368-4e25-4ee9-08d8d899dfab", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.AirItemType -eq 'User'", "Operation": [ "AirManualInvestigation" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "845686e4-f843-42cf-36d7-08d8e2eca19c", "Priority": 0, "Workload": "AuditAlerting", "Policy": "fbb0585f-318a-4e26-eec9-08d8e2ec980c", "Comment": "This alert is triggered because an admin triggered investigation of a user -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9ea1637e-f98f-4a7f-a6ae-08d9565f1334", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "845686e4-f843-42cf-36d7-08d8e2eca19c", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Admin triggered user compromise investigation", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Admin triggered user compromise investigation", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Admin triggered user compromise investigation", "DistinguishedName": "CN=Admin triggered user compromise investigation,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1627982059000)\/", "WhenCreated": "\/Date(1627982059000)\/", "WhenChangedUTC": "\/Date(1627982059000)\/", "WhenCreatedUTC": "\/Date(1627982059000)\/", "ExchangeObjectId": "845686e4-f843-42cf-36d7-08d8e2eca19c", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Click.IsSystemBlockOverriden -eq 1) -or (Click.IsTenantBlockOverriden -eq 1)", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "None", "ThreatType": "MaliciousUrlClick", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "MaliciousUrlClick", "Scenario": "MaliciousUrlClick", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "5453b67e-6c81-4a46-b96c-08d97b58d4ac", "Priority": 0, "Workload": "AuditAlerting", "Policy": "e7fec753-4e4b-491c-2152-08d97b58ad34", "Comment": "We have detected that one of your users has recently clicked through on a link that was found to be malicious. -V1.0.0.3", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "5634e57e-6702-4cdd-f4a0-08da42ee473d", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "5453b67e-6c81-4a46-b96c-08d97b58d4ac", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A user clicked through to a potentially malicious URLâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A user clicked through to a potentially malicious URLâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "A user clicked through to a potentially malicious URLâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "DistinguishedName": "CN=A user clicked through to a potentially malicious URLâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1653992039000)\/", "WhenCreated": "\/Date(1653992039000)\/", "WhenChangedUTC": "\/Date(1653992039000)\/", "WhenCreatedUTC": "\/Date(1653992039000)\/", "ExchangeObjectId": "5453b67e-6c81-4a46-b96c-08d97b58d4ac", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "ConnectorAbuse" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1720043833876)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "8bb9c6c8-dc12-40e1-5bb8-08da05b13393", "Priority": 0, "Workload": "AuditAlerting", "Policy": "d1de9ca1-fcd8-4ce1-f041-08da05b11773", "Comment": "Connector has been restricted from sending messages due to potential compromise activity. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "df6b603b-1b0b-4b0a-7440-08da326d8875", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "8bb9c6c8-dc12-40e1-5bb8-08da05b13393", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious connector activity", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious connector activity", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Suspicious connector activity", "DistinguishedName": "CN=Suspicious connector activity,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1652177524000)\/", "WhenCreated": "\/Date(1652177524000)\/", "WhenChangedUTC": "\/Date(1652177524000)\/", "WhenCreatedUTC": "\/Date(1652177524000)\/", "ExchangeObjectId": "8bb9c6c8-dc12-40e1-5bb8-08da05b13393", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "UploadDataCompleted" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1647063363913)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "55272906-f9a5-4adf-9395-0abeec18aee1", "Priority": 0, "Workload": "AuditAlerting", "Policy": "8d58b459-63cd-4b73-aca0-f24ed896f018", "Comment": "New sensitive information was uploaded and is ready to be protected. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "a6a5ec5d-6e43-43c3-420c-08d8d285b1f9", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "55272906-f9a5-4adf-9395-0abeec18aee1", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Successful exact data match upload", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Successful exact data match upload", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Successful exact data match upload", "DistinguishedName": "CN=Successful exact data match upload,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1613485093000)\/", "WhenCreated": "\/Date(1613485093000)\/", "WhenChangedUTC": "\/Date(1613485093000)\/", "WhenCreatedUTC": "\/Date(1613485093000)\/", "ExchangeObjectId": "55272906-f9a5-4adf-9395-0abeec18aee1", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "GrantAdminPermission" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "AccessGovernance", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "17d51759-88e1-40c1-8df3-20bcf2e43057", "Priority": 0, "Workload": "AuditAlerting", "Policy": "ae6108c1-8814-4a00-bf93-22396aad4bd8", "Comment": "This alert is triggered when someone in your organization becomes an Exchange admin or gets new Exchange admin permissions -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "18bb7a7d-0b75-4033-cc22-08d6bdf100e3", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "17d51759-88e1-40c1-8df3-20bcf2e43057", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Elevation of Exchange admin privilege", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Elevation of Exchange admin privilege", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Elevation of Exchange admin privilege", "DistinguishedName": "CN=Elevation of Exchange admin privilege,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1554927211000)\/", "WhenCreated": "\/Date(1554927211000)\/", "WhenChangedUTC": "\/Date(1554927211000)\/", "WhenCreatedUTC": "\/Date(1554927211000)\/", "ExchangeObjectId": "17d51759-88e1-40c1-8df3-20bcf2e43057", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Message.Verdict -eq 'Block'", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": 1, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "None", "ThreatType": "MailFlow", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "MailFlow", "Scenario": "MailFlowProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "CustomAggregation", "Category": "MailFlow", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "ce504573-4841-4e45-81e2-21e8a11ba221", "Priority": 0, "Workload": "AuditAlerting", "Policy": "497d08c4-ecce-4a94-b8f4-bcce7de01389", "Comment": "This alert is triggered when a reply-all storm is detected and at least one reply-all to the mail thread has been blocked. See the Reply-all Storm Protection mail flow report for more information. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "682e2101-73c2-43ed-08ff-08dd1f687ca5", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "ce504573-4841-4e45-81e2-21e8a11ba221", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Reply-all storm detected", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Reply-all storm detected", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Reply-all storm detected", "DistinguishedName": "CN=Reply-all storm detected,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1734528778000)\/", "WhenCreated": "\/Date(1734528778000)\/", "WhenChangedUTC": "\/Date(1734528778000)\/", "WhenCreatedUTC": "\/Date(1734528778000)\/", "ExchangeObjectId": "ce504573-4841-4e45-81e2-21e8a11ba221", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Mail.IsSystemZappedMalware -eq 1 -and (-not (Mail.Recipients.Tags -like 'hve')) -and (-not (Mail.Sender.Tags -like 'hve')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and ((Mail.IsGenericZapped -ne 1) -and (Mail.IsGenericZapped -ne 0)) -and ((Mail.IsCampaignZapped -ne 1) -and (Mail.IsCampaignZapped -ne 0))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malware", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1659553635493)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "0179b3f7-3fda-40c3-8f24-278563978dbb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "b7d4272b-96c3-4514-b9bd-e4d4c051d162", "Comment": "Emails with malware that were delivered and later removed -V1.0.0.8", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bd13b65f-ccaf-4fd4-669b-08d90ed0cca9", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "0179b3f7-3fda-40c3-8f24-278563978dbb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malware removed after delivery", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malware removed after delivery", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages containing malware removed after delivery", "DistinguishedName": "CN=Email messages containing malware removed after delivery,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1620114419000)\/", "WhenCreated": "\/Date(1554927210000)\/", "WhenChangedUTC": "\/Date(1620114419000)\/", "WhenCreatedUTC": "\/Date(1554927210000)\/", "ExchangeObjectId": "0179b3f7-3fda-40c3-8f24-278563978dbb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPSuccessful -eq 1) -and Mail.IsSystemZappedByURLs -eq 1 -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and (Mail.IsCampaignZapped -ne 1)", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1659553631883)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "8e6ba277-ef39-404e-aaf1-294f6d9a2b88", "Priority": 0, "Workload": "AuditAlerting", "Policy": "435ca8f9-fb3b-4514-9bec-52fed47d84f9", "Comment": "Emails with malicious URL that were delivered and later removed -V1.0.0.3", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "3f3a9e91-d013-4e37-4a62-08da1c767922", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "8e6ba277-ef39-404e-aaf1-294f6d9a2b88", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malicious URL removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malicious URL removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages containing malicious URL removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "DistinguishedName": "CN=Email messages containing malicious URL removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1649762439000)\/", "WhenCreated": "\/Date(1612829713000)\/", "WhenChangedUTC": "\/Date(1649762439000)\/", "WhenCreatedUTC": "\/Date(1612829713000)\/", "ExchangeObjectId": "8e6ba277-ef39-404e-aaf1-294f6d9a2b88", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "UserRestrictedByDistributingForms" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1618345350470)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "f86c81d5-272e-4825-a957-366e964f702c", "Priority": 0, "Workload": "AuditAlerting", "Policy": "29af60e8-9eae-4962-ba2e-a030fc6f7661", "Comment": "Microsoft Forms identified repeated phishing attempts by a user in your tenant. This user is now blocked from sharing forms and collecting responses. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "b0409299-daa4-491d-20f0-08d8d285b2c2", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "f86c81d5-272e-4825-a957-366e964f702c", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User restricted from sharing forms and collecting responses", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User restricted from sharing forms and collecting responses", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "User restricted from sharing forms and collecting responses", "DistinguishedName": "CN=User restricted from sharing forms and collecting responses,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1613485094000)\/", "WhenCreated": "\/Date(1613485094000)\/", "WhenChangedUTC": "\/Date(1613485094000)\/", "WhenCreatedUTC": "\/Date(1613485094000)\/", "ExchangeObjectId": "f86c81d5-272e-4825-a957-366e964f702c", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Activity.SubmissionType -eq 'Phish') -or (Activity.SubmissionType -eq 'Malware')", "Operation": [ "UserSubmission" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1659553621173)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "b26a5770-0c38-434a-9380-3a3c2c27bbb3", "Priority": 0, "Workload": "AuditAlerting", "Policy": "d326019d-b122-450c-a96e-de82aaf46ab9", "Comment": "This alert is triggered when any email message is reported as malware or phish by users -V1.0.0.3", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "63e2710c-398f-46dd-e621-08d909846bab", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "b26a5770-0c38-434a-9380-3a3c2c27bbb3", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as malware or phish", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as malware or phish", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email reported by user as malware or phish", "DistinguishedName": "CN=Email reported by user as malware or phish,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1619531859000)\/", "WhenCreated": "\/Date(1554927209000)\/", "WhenChangedUTC": "\/Date(1619531859000)\/", "WhenCreatedUTC": "\/Date(1554927209000)\/", "ExchangeObjectId": "b26a5770-0c38-434a-9380-3a3c2c27bbb3", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "RetentionAutoLabelSimulationCompletion" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a8f4ff90-ee7d-4813-a629-42c9db2204dd", "Priority": 0, "Workload": "AuditAlerting", "Policy": "404fd903-ef34-43df-8362-ac45c1bb2a1c", "Comment": "Retention auto-labeling policy simulation has been completed. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "2ad7b104-a45f-4b35-896a-08da6efbe6cf", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a8f4ff90-ee7d-4813-a629-42c9db2204dd", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Retention Auto-labeling Policy Simulation Completed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Retention Auto-labeling Policy Simulation Completed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Retention Auto-labeling Policy Simulation Completed", "DistinguishedName": "CN=Retention Auto-labeling Policy Simulation Completed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1658835741000)\/", "WhenCreated": "\/Date(1658835741000)\/", "WhenChangedUTC": "\/Date(1658835741000)\/", "WhenCreatedUTC": "\/Date(1658835741000)\/", "ExchangeObjectId": "a8f4ff90-ee7d-4813-a629-42c9db2204dd", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.AirItemType -eq 'Email'", "Operation": [ "AirManualInvestigation" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1618363921020)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "cfb0af3a-7410-445c-a872-45f95c45f0de", "Priority": 0, "Workload": "AuditAlerting", "Policy": "8aa5392e-0533-4a43-9952-b25fcea4af4b", "Comment": "This alert is triggered because an admin triggered manual investigation of an Email from explorer -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9f5f9152-5833-4255-a2b6-08d88b0fc747", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "cfb0af3a-7410-445c-a872-45f95c45f0de", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Admin triggered manual investigation of email", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Admin triggered manual investigation of email", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Admin triggered manual investigation of email", "DistinguishedName": "CN=Admin triggered manual investigation of email,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1605627915000)\/", "WhenCreated": "\/Date(1605627915000)\/", "WhenChangedUTC": "\/Date(1605627915000)\/", "WhenCreatedUTC": "\/Date(1605627915000)\/", "ExchangeObjectId": "cfb0af3a-7410-445c-a872-45f95c45f0de", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "eDiscoverySearchStartedOrExported" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1618363996727)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "6fdc5710-3998-47f0-afbb-57cefd7378ae", "Priority": 0, "Workload": "AuditAlerting", "Policy": "f39d84d4-568b-47d2-8f6d-b4ae9d4aba97", "Comment": "The alert is triggered when users start content searches or eDiscovery searches or when search results are downloaded or exported -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "a2b6879c-35c4-4147-7c67-08d909846d2b", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "6fdc5710-3998-47f0-afbb-57cefd7378ae", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/eDiscovery search started or exported", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/eDiscovery search started or exported", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "eDiscovery search started or exported", "DistinguishedName": "CN=eDiscovery search started or exported,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1619531862000)\/", "WhenCreated": "\/Date(1554927214000)\/", "WhenChangedUTC": "\/Date(1619531862000)\/", "WhenCreatedUTC": "\/Date(1554927214000)\/", "ExchangeObjectId": "6fdc5710-3998-47f0-afbb-57cefd7378ae", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "QuarantineRequestReleaseMessage" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "34116cef-7761-4cdf-a30b-5aa944d93d74", "Priority": 0, "Workload": "AuditAlerting", "Policy": "c633eeaf-090e-4dc2-ad59-770158128390", "Comment": "A user has requested to release an email from quarantine. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "e57d8c5b-83f6-4c92-bf85-08d9a96de94d", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "34116cef-7761-4cdf-a30b-5aa944d93d74", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User requested to release a quarantined message", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User requested to release a quarantined message", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "User requested to release a quarantined message", "DistinguishedName": "CN=User requested to release a quarantined message,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1637114378000)\/", "WhenCreated": "\/Date(1637114378000)\/", "WhenChangedUTC": "\/Date(1637114378000)\/", "WhenCreatedUTC": "\/Date(1637114378000)\/", "ExchangeObjectId": "34116cef-7761-4cdf-a30b-5aa944d93d74", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPSuccessful -eq 1) -and Mail.IsSystemZappedByFiles -eq 1 -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and (Mail.IsCampaignZapped -ne 1)", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1659553600637)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "4b1820ec-39dc-45f3-abf6-5ee80df51fd2", "Priority": 0, "Workload": "AuditAlerting", "Policy": "c056ed0c-0a2c-4c2f-989e-c32681100d63", "Comment": "Emails with malicious file that were delivered and later removed -V1.0.0.3", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bdbe591f-7207-4f25-9ea0-08da1c767b27", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "4b1820ec-39dc-45f3-abf6-5ee80df51fd2", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malicious file removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing malicious file removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages containing malicious file removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹", "DistinguishedName": "CN=Email messages containing malicious file removed after deliveryâââ€Å¡Ãƒ‚¬ÃƒÂ¢Ãƒ¢â€šÂ¬Ãƒ‚¹,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1649762442000)\/", "WhenCreated": "\/Date(1612829714000)\/", "WhenChangedUTC": "\/Date(1649762442000)\/", "WhenCreatedUTC": "\/Date(1612829714000)\/", "ExchangeObjectId": "4b1820ec-39dc-45f3-abf6-5ee80df51fd2", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.Operation -eq 'MSTICNationStateNotification'", "Operation": [ "MSTICNationStateNotification" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "3b3085a4-553a-4b61-bbf1-691fa4e0bf76", "Priority": 0, "Workload": "AuditAlerting", "Policy": "3942e844-78a9-4110-9f47-9f6c1e1d1c99", "Comment": "Microsoft Threat Intelligence Center detected an attempt to compromise accounts from your tenant. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9b5ff5c6-ff67-43a3-31ab-08d9a96de846", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "3b3085a4-553a-4b61-bbf1-691fa4e0bf76", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Potential Nation-State Activity", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Potential Nation-State Activity", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Potential Nation-State Activity", "DistinguishedName": "CN=Potential Nation-State Activity,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1637114376000)\/", "WhenCreated": "\/Date(1637114376000)\/", "WhenChangedUTC": "\/Date(1637114376000)\/", "WhenCreatedUTC": "\/Date(1637114376000)\/", "ExchangeObjectId": "3b3085a4-553a-4b61-bbf1-691fa4e0bf76", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "EmailSendingLimitExceeded" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1618364067210)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "2cc44934-4d16-420b-b4e8-74a77fd0ab24", "Priority": 0, "Workload": "AuditAlerting", "Policy": "66420b7c-b772-4749-8e23-01672295fcc2", "Comment": "User has exceeded their email sending limit and the action defined within the Outbound Spam policy has been applied. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "31f20d68-c10f-47b4-20ea-08d74b7e0175", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "2cc44934-4d16-420b-b4e8-74a77fd0ab24", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email sending limit exceeded", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email sending limit exceeded", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email sending limit exceeded", "DistinguishedName": "CN=Email sending limit exceeded,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1570490885000)\/", "WhenCreated": "\/Date(1570490885000)\/", "WhenChangedUTC": "\/Date(1570490885000)\/", "WhenCreatedUTC": "\/Date(1570490885000)\/", "ExchangeObjectId": "2cc44934-4d16-420b-b4e8-74a77fd0ab24", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Activity.AirAdminActionType -eq 'MailAction' -or Activity.AirAdminActionType -eq 'BlockUrlAction' -or Activity.AirAdminActionType -eq 'BlockSenderAction')", "Operation": [ "AirAdminActionInvestigation" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1659553593130)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "39c5b427-a54f-4c38-a799-8541c5a105a8", "Priority": 0, "Workload": "AuditAlerting", "Policy": "bcafb035-406a-4a14-b5c3-67396c524edc", "Comment": "This alert is triggered when an admin takes remediation action on the selected entity -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "846b7457-58a3-439c-1d0e-08d88b0fc808", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "39c5b427-a54f-4c38-a799-8541c5a105a8", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Remediation action taken by admin on emails or URL or sender", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Remediation action taken by admin on emails or URL or sender", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Remediation action taken by admin on emails or URL or sender", "DistinguishedName": "CN=Remediation action taken by admin on emails or URL or sender,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1605627917000)\/", "WhenCreated": "\/Date(1605627917000)\/", "WhenChangedUTC": "\/Date(1605627917000)\/", "WhenCreatedUTC": "\/Date(1605627917000)\/", "ExchangeObjectId": "39c5b427-a54f-4c38-a799-8541c5a105a8", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "MailRedirect" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d59a8fd4-1272-41ee-9408-86f7bcf72479", "Priority": 0, "Workload": "AuditAlerting", "Policy": "bc59a7c1-2cfd-49da-b762-f643f204babe", "Comment": "This alert is triggered when someone in your organization sets up auto-forwarding, email forwarding, redirect rule or a mail flow rule -V1.0.0.5", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "0d925ec2-9609-4c1b-cea4-08d909846c4c", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d59a8fd4-1272-41ee-9408-86f7bcf72479", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Creation of forwarding\\/redirect rule", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Creation of forwarding\\/redirect rule", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Creation of forwarding/redirect rule", "DistinguishedName": "CN=Creation of forwarding/redirect rule,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1619531860000)\/", "WhenCreated": "\/Date(1554927211000)\/", "WhenChangedUTC": "\/Date(1619531860000)\/", "WhenCreatedUTC": "\/Date(1554927211000)\/", "ExchangeObjectId": "d59a8fd4-1272-41ee-9408-86f7bcf72479", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "-not (Activity.User.Tags -like 'hve')", "Operation": [ "CompromisedAccount" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1618345398657)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "7a4e7306-bbcb-401f-b112-8ca5f798a230", "Priority": 0, "Workload": "AuditAlerting", "Policy": "743af9b5-f679-418a-88e9-77360cd02fce", "Comment": "User has been restricted from sending messages outside the organization due to potential compromised activity. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "2ba121d0-5190-4209-d909-08d7b68de683", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "7a4e7306-bbcb-401f-b112-8ca5f798a230", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User restricted from sending email", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/User restricted from sending email", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "User restricted from sending email", "DistinguishedName": "CN=User restricted from sending email,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1582262487000)\/", "WhenCreated": "\/Date(1554927215000)\/", "WhenChangedUTC": "\/Date(1582262487000)\/", "WhenCreatedUTC": "\/Date(1554927215000)\/", "ExchangeObjectId": "7a4e7306-bbcb-401f-b112-8ca5f798a230", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.EventId -eq '12'", "Operation": [ "TenantAllowBlockListItemRemoved" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d0d83ae6-5fbc-4400-8863-9276921a9cad", "Priority": 0, "Workload": "AuditAlerting", "Policy": "19668d63-14b5-46f9-ab2e-382f2c949ba4", "Comment": "A Tenant Allow/Block List entry will be removed. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "8ae64027-d367-4e6b-cd08-08db2726a5b7", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d0d83ae6-5fbc-4400-8863-9276921a9cad", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Removed an entry in Tenant Allow\\/Block List", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Removed an entry in Tenant Allow\\/Block List", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Removed an entry in Tenant Allow/Block List", "DistinguishedName": "CN=Removed an entry in Tenant Allow/Block List,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1679085114000)\/", "WhenCreated": "\/Date(1679085114000)\/", "WhenChangedUTC": "\/Date(1679085114000)\/", "WhenCreatedUTC": "\/Date(1679085114000)\/", "ExchangeObjectId": "d0d83ae6-5fbc-4400-8863-9276921a9cad", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.SubmissionType -eq 'Junk'", "Operation": [ "UserSubmission" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a0e277be-7157-4907-874e-93e7b5170657", "Priority": 0, "Workload": "AuditAlerting", "Policy": "452dd2e4-5755-46a1-bbc4-18775737762b", "Comment": "This alert is triggered when any email message is reported as junk by users -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "d5ff0075-b39c-408f-0a5f-08db354d4c0d", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a0e277be-7157-4907-874e-93e7b5170657", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as junk", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as junk", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email reported by user as junk", "DistinguishedName": "CN=Email reported by user as junk,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1680641030000)\/", "WhenCreated": "\/Date(1680641030000)\/", "WhenChangedUTC": "\/Date(1680641030000)\/", "WhenCreatedUTC": "\/Date(1680641030000)\/", "ExchangeObjectId": "a0e277be-7157-4907-874e-93e7b5170657", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Mail.IsMailZAPFailed -eq 1) -and ((((Mail.IsSystemZappedByFiles -eq 1) -or (Mail.IsSystemZappedByURLs -eq 1)) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and (Mail.IsCampaignZapped -ne 1)) -or (((Mail.IsGenericZapped -eq 1) -or(Mail.IsCampaignZapped -eq 1)) -and (Mail.TenantPolicyFinalVerdictSource -ne 'PhishEdu') -and (Mail.TenantPolicyFinalVerdictSource -ne 'SecOps') -and (Mail.TenantPolicyFinalVerdictSource -ne 'ThirdPartyFiltering')))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Malicious", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "663e723a-4a74-47d9-9690-9638f0d496af", "Priority": 0, "Workload": "AuditAlerting", "Policy": "01fb826b-ea22-426e-b553-75fa3afd16f9", "Comment": "Messages containing a malicious entity were delivered, and we could not remove them after delivery. Manual action is required. Please remove the malicious messages for the affected users. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "d0778db8-27f7-4d8f-3e2e-08da1c7679dc", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "663e723a-4a74-47d9-9690-9638f0d496af", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Messages containing malicious entity not removed after delivery", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Messages containing malicious entity not removed after delivery", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Messages containing malicious entity not removed after delivery", "DistinguishedName": "CN=Messages containing malicious entity not removed after delivery,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1649762440000)\/", "WhenCreated": "\/Date(1649762440000)\/", "WhenChangedUTC": "\/Date(1649762440000)\/", "WhenCreatedUTC": "\/Date(1649762440000)\/", "ExchangeObjectId": "663e723a-4a74-47d9-9690-9638f0d496af", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "UnifiedSimulationCompletionNotification" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "7b99aef6-dca7-43b5-828a-96679dd553fc", "Priority": 0, "Workload": "AuditAlerting", "Policy": "1eb13e5b-2a40-4fca-85e7-a1a3072c04ed", "Comment": "Alert to notify admins when simulation is complete for any Purview policy that supports simulation mode. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "01902763-37c2-4068-d14c-08dbdc14c361", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "7b99aef6-dca7-43b5-828a-96679dd553fc", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Purview policy simulation completed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Purview policy simulation completed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Purview policy simulation completed", "DistinguishedName": "CN=Purview policy simulation completed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1698978593000)\/", "WhenCreated": "\/Date(1698978593000)\/", "WhenChangedUTC": "\/Date(1698978593000)\/", "WhenCreatedUTC": "\/Date(1698978593000)\/", "ExchangeObjectId": "7b99aef6-dca7-43b5-828a-96679dd553fc", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "ExternalFileSharing" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": [ "Tenant" ], "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1618364142547)\/", "AggregationType": "AnomalousAggregation", "Category": "DataGovernance", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d0ec2b5e-b51e-4b83-a232-972d3971d370", "Priority": 0, "Workload": "AuditAlerting", "Policy": "94b6d359-065a-493d-a050-2a8c64ea1092", "Comment": "This alert is triggered when the volume of external file sharing activities in your organization becomes unusual -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "46a87444-31c5-4676-a7a6-08d6bdf101db", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d0ec2b5e-b51e-4b83-a232-972d3971d370", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Unusual volume of external file sharing", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Unusual volume of external file sharing", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Unusual volume of external file sharing", "DistinguishedName": "CN=Unusual volume of external file sharing,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1554927213000)\/", "WhenCreated": "\/Date(1554927213000)\/", "WhenChangedUTC": "\/Date(1554927213000)\/", "WhenCreatedUTC": "\/Date(1554927213000)\/", "ExchangeObjectId": "d0ec2b5e-b51e-4b83-a232-972d3971d370", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "AutoBlockedForm" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1618345510120)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "3d408d75-3093-40de-8611-9d1a273a11dc", "Priority": 0, "Workload": "AuditAlerting", "Policy": "a135d1a5-12e6-432d-8b01-7ea84090691e", "Comment": "Microsoft Forms detected a potential phishing attempt from a form and blocked it from distribution and response collection. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "4c68e64d-1cb4-41f5-5125-08d8d285b239", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "3d408d75-3093-40de-8611-9d1a273a11dc", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Form blocked due to potential phishing attempt", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Form blocked due to potential phishing attempt", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Form blocked due to potential phishing attempt", "DistinguishedName": "CN=Form blocked due to potential phishing attempt,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1613485093000)\/", "WhenCreated": "\/Date(1613485093000)\/", "WhenChangedUTC": "\/Date(1613485093000)\/", "WhenCreatedUTC": "\/Date(1613485093000)\/", "ExchangeObjectId": "3d408d75-3093-40de-8611-9d1a273a11dc", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.SubmissionType -eq 'SecurityRisk'", "Operation": [ "UserSubmission" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "34c03748-ee5d-415e-bb65-9fbac7d3a358", "Priority": 0, "Workload": "AuditAlerting", "Policy": "661febed-80bc-46c2-a413-315d745fecaa", "Comment": "This alert is triggered when any Teams message is reported as security risk by users -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "e4930e0c-0347-49fb-1224-08db2726a78b", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "34c03748-ee5d-415e-bb65-9fbac7d3a358", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Teams message reported by user as security risk", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Teams message reported by user as security risk", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Teams message reported by user as security risk", "DistinguishedName": "CN=Teams message reported by user as security risk,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1679085117000)\/", "WhenCreated": "\/Date(1679085117000)\/", "WhenChangedUTC": "\/Date(1679085117000)\/", "WhenCreatedUTC": "\/Date(1679085117000)\/", "ExchangeObjectId": "34c03748-ee5d-415e-bb65-9fbac7d3a358", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "SuspiciousForwarding" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1720043836410)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "bfd48f06-0865-41a6-85ff-adb746423ebf", "Priority": 0, "Workload": "AuditAlerting", "Policy": "1aa1676e-04c0-4b5e-bd0c-bf21c3a44971", "Comment": "This alert is triggered once suspicious email forwarding is detected. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "168fa645-e76c-41d5-1e2f-08d909846ed2", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "bfd48f06-0865-41a6-85ff-adb746423ebf", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious Email Forwarding Activity", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious Email Forwarding Activity", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Suspicious Email Forwarding Activity", "DistinguishedName": "CN=Suspicious Email Forwarding Activity,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1619531864000)\/", "WhenCreated": "\/Date(1602615783000)\/", "WhenChangedUTC": "\/Date(1619531864000)\/", "WhenCreatedUTC": "\/Date(1602615783000)\/", "ExchangeObjectId": "bfd48f06-0865-41a6-85ff-adb746423ebf", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Mail.IsSystemZappedPhish -eq 1 -and (-not (Mail.Recipients.Tags -like 'hve')) -and (-not (Mail.Sender.Tags -like 'hve')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'PhishEdu')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'SecOps')) -and (-not (Mail.TenantPolicyFinalVerdictSource -eq 'ThirdPartyFiltering')) -and ((Mail.IsGenericZapped -ne 1) -and (Mail.IsGenericZapped -ne 0)) -and ((Mail.IsCampaignZapped -ne 1) -and (Mail.IsCampaignZapped -ne 0))", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Mail", "ThreatType": "Phish", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Protection", "Scenario": "ProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1659553576010)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "ea8169fa-0678-4751-8854-aebea7adeceb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "6df73299-4af9-4173-97ff-800926831e09", "Comment": "Emails with phish URLs that were delivered and later removed -V1.0.0.8", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bf7b7b1f-b824-432a-1c94-08d90ed0cae4", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "ea8169fa-0678-4751-8854-aebea7adeceb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing phish URLs removed after delivery", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email messages containing phish URLs removed after delivery", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email messages containing phish URLs removed after delivery", "DistinguishedName": "CN=Email messages containing phish URLs removed after delivery,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1620114416000)\/", "WhenCreated": "\/Date(1554927211000)\/", "WhenChangedUTC": "\/Date(1620114416000)\/", "WhenCreatedUTC": "\/Date(1554927211000)\/", "ExchangeObjectId": "ea8169fa-0678-4751-8854-aebea7adeceb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "MessagesQueued.QueuedType -eq 'ConnectorBasedMessagesQueued'", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "cloudsecurity@example.com" ], "Severity": "High", "Threshold": 2000, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "None", "ThreatType": "MailFlow", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "MailFlow", "Scenario": "MailFlowProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1720043834206)\/", "AggregationType": "CustomAggregation", "Category": "MailFlow", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "37a4e852-e711-45ca-b0f4-b076bae3adfd", "Priority": 0, "Workload": "AuditAlerting", "Policy": "ba52bbe8-d298-494f-893f-b1e9a4c18b86", "Comment": "When Office 365 can't deliver a message to your on-premises or partner servers via a connector, the message is queued in Office 365. This alert is triggered when the number of queued messages exceeds the policy threshold and have been queued for more than an hour. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "0ffd792e-cb1d-4ae7-6444-08d6bdf1012f", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "37a4e852-e711-45ca-b0f4-b076bae3adfd", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Messages have been delayed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Messages have been delayed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Messages have been delayed", "DistinguishedName": "CN=Messages have been delayed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1554927212000)\/", "WhenCreated": "\/Date(1554927212000)\/", "WhenChangedUTC": "\/Date(1554927212000)\/", "WhenCreatedUTC": "\/Date(1554927212000)\/", "ExchangeObjectId": "37a4e852-e711-45ca-b0f4-b076bae3adfd", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "ComplianceManagerActionScoreChange" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Medium", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": 60, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ComplianceManager", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "ed5f5244-a3e4-4bf7-895c-b49ef27ded46", "Priority": 0, "Workload": "AuditAlerting", "Policy": "c96a4b5c-8274-4f09-9d6f-badfa5744011", "Comment": "This default policy will generate an alert for events that happen within 60 minutes of alert creation -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "3a773fda-8402-4264-5a78-08da4de2a787", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "ed5f5244-a3e4-4bf7-895c-b49ef27ded46", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Compliance Manager Default Alert Policy", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Compliance Manager Default Alert Policy", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Compliance Manager Default Alert Policy", "DistinguishedName": "CN=Compliance Manager Default Alert Policy,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1655196509000)\/", "WhenCreated": "\/Date(1655196509000)\/", "WhenChangedUTC": "\/Date(1655196509000)\/", "WhenCreatedUTC": "\/Date(1655196509000)\/", "ExchangeObjectId": "ed5f5244-a3e4-4bf7-895c-b49ef27ded46", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "CompromisedUnprovisionedTenantAccount" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1720043833486)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "5ed2d687-9bd3-49e7-9b56-b7dc0d9af5cb", "Priority": 0, "Workload": "AuditAlerting", "Policy": "50e7139b-1e4f-43ed-90e3-ce2e4fc5a2cf", "Comment": "The majority of traffic related to unprovisioned domains from this tenant has been detected as suspicious and the tenant has been restricted from sending email with unregistered domains. Investigate any potentially compromised user/admins, new connectors, or open relays and contact support to unblock your tenant. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "56aa9a70-8ff4-4d79-0afa-08d77d1227cb", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "5ed2d687-9bd3-49e7-9b56-b7dc0d9af5cb", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant restricted from sending unprovisioned email", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant restricted from sending unprovisioned email", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Tenant restricted from sending unprovisioned email", "DistinguishedName": "CN=Tenant restricted from sending unprovisioned email,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1575942122000)\/", "WhenCreated": "\/Date(1575942122000)\/", "WhenChangedUTC": "\/Date(1575942122000)\/", "WhenCreatedUTC": "\/Date(1575942122000)\/", "ExchangeObjectId": "5ed2d687-9bd3-49e7-9b56-b7dc0d9af5cb", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "CompromisedTenantAccount" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "johndoe@example.com" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1720043833580)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a7032ff5-7eee-412b-805b-d1295c7e0932", "Priority": 0, "Workload": "AuditAlerting", "Policy": "e16d6517-4230-46e3-9514-4adf9c162d98", "Comment": "The majority of traffic from this tenant has been detected as suspicious and has resulted in a ban on sending ability for the tenant. Ensure that any compromises or open relays have been resolved, and then contact support through your regular channel. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "89dbe751-2576-4aee-2501-08d77d12288d", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a7032ff5-7eee-412b-805b-d1295c7e0932", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant restricted from sending email", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant restricted from sending email", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Tenant restricted from sending email", "DistinguishedName": "CN=Tenant restricted from sending email,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1575942123000)\/", "WhenCreated": "\/Date(1561476913000)\/", "WhenChangedUTC": "\/Date(1575942123000)\/", "WhenCreatedUTC": "\/Date(1561476913000)\/", "ExchangeObjectId": "a7032ff5-7eee-412b-805b-d1295c7e0932", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "TenantAllowBlockListItemGraderDisagree" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "5ba37278-d17b-4674-bde7-d19ad231e324", "Priority": 0, "Workload": "AuditAlerting", "Policy": "00341b6e-c377-4f92-9fcb-57808f9bc1c2", "Comment": "A Tenant Allow/Block List entry has been found malicious by grader. We recommend you remove the allow entry from the Tenant Allow/Block List. -V1.0.0.1", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "101ef390-a5cf-4d88-cef1-08db3668d570", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "5ba37278-d17b-4674-bde7-d19ad231e324", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A Tenant Allow Block List entry has been found malicious", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A Tenant Allow Block List entry has been found malicious", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "A Tenant Allow Block List entry has been found malicious", "DistinguishedName": "CN=A Tenant Allow Block List entry has been found malicious,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1680762808000)\/", "WhenCreated": "\/Date(1680762808000)\/", "WhenChangedUTC": "\/Date(1680762808000)\/", "WhenCreatedUTC": "\/Date(1680762808000)\/", "ExchangeObjectId": "5ba37278-d17b-4674-bde7-d19ad231e324", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "Activity.SubmissionType -eq 'NotJunk'", "Operation": [ "UserSubmission" ], "LogicalOperationName": null, "NotificationEnabled": false, "NotifyUser": [ "TenantAdmins" ], "Severity": "Low", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "79b0a077-8446-4d8c-b335-d89cdcd60b08", "Priority": 0, "Workload": "AuditAlerting", "Policy": "8d510111-35c2-49df-9589-d582b05d7312", "Comment": "This alert is triggered when any email message is reported as not junk by users -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "1fb1dac9-9db3-4384-1b23-08db354d4af6", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "79b0a077-8446-4d8c-b335-d89cdcd60b08", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as not junk", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Email reported by user as not junk", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Email reported by user as not junk", "DistinguishedName": "CN=Email reported by user as not junk,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1680641029000)\/", "WhenCreated": "\/Date(1680641029000)\/", "WhenChangedUTC": "\/Date(1680641029000)\/", "WhenCreatedUTC": "\/Date(1680641029000)\/", "ExchangeObjectId": "79b0a077-8446-4d8c-b335-d89cdcd60b08", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "UploadDataFailed" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "cafdbfad-0084-4052-8371-ea098aab3f64", "Priority": 0, "Workload": "AuditAlerting", "Policy": "fe23dc56-038d-483c-a528-64d9d4ff6d34", "Comment": "New sensitive information failed to upload. Try again later. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "5dbae4ff-5372-42f4-ce34-08d8d285b158", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "cafdbfad-0084-4052-8371-ea098aab3f64", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Failed exact data match upload", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Failed exact data match upload", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Failed exact data match upload", "DistinguishedName": "CN=Failed exact data match upload,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1613485092000)\/", "WhenCreated": "\/Date(1613485092000)\/", "WhenChangedUTC": "\/Date(1613485092000)\/", "WhenCreatedUTC": "\/Date(1613485092000)\/", "ExchangeObjectId": "cafdbfad-0084-4052-8371-ea098aab3f64", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "OSTTakenDownForm" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "2d161684-8def-403c-9df6-f20c66c64161", "Priority": 0, "Workload": "AuditAlerting", "Policy": "6f6b38f4-718f-496e-8c4c-211509eb9eb4", "Comment": "A form created in Microsoft Forms from within your organization has been identified as phishing through Report Abuse and confirmed as phishing. -V1.0.0.2", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "349611dd-92fb-4c99-8650-08d8d285b310", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "2d161684-8def-403c-9df6-f20c66c64161", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Form flagged and confirmed as phishing", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Form flagged and confirmed as phishing", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Form flagged and confirmed as phishing", "DistinguishedName": "CN=Form flagged and confirmed as phishing,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1613485094000)\/", "WhenCreated": "\/Date(1613485094000)\/", "WhenChangedUTC": "\/Date(1613485094000)\/", "WhenCreatedUTC": "\/Date(1613485094000)\/", "ExchangeObjectId": "2d161684-8def-403c-9df6-f20c66c64161", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "TenantAllowBlockListItemExpiry" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "Informational", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "d063f1c3-572d-40ea-a32c-f339cab57a33", "Priority": 0, "Workload": "AuditAlerting", "Policy": "b50db3b4-fb66-4950-a7c0-389dd7d5b09d", "Comment": "A Tenant Allow/Block List entry will be removed due to expiration. -V1.0.0.0", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "9b245f7b-cb18-400a-2722-08d98900fc0a", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "d063f1c3-572d-40ea-a32c-f339cab57a33", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant Allow\\/Block List entry is about to expire", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Tenant Allow\\/Block List entry is about to expire", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Tenant Allow/Block List entry is about to expire", "DistinguishedName": "CN=Tenant Allow/Block List entry is about to expire,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1633549157000)\/", "WhenCreated": "\/Date(1633549157000)\/", "WhenChangedUTC": "\/Date(1633549157000)\/", "WhenCreatedUTC": "\/Date(1633549157000)\/", "ExchangeObjectId": "d063f1c3-572d-40ea-a32c-f339cab57a33", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": null, "Operation": [ "TenantExceedsThresholdEarlyAlert" ], "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "Activity", "ThreatType": "Activity", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "Activity", "Scenario": "AuditProtectionAlert", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": null, "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "05b9e850-6d9d-4bab-a5c0-f54db2e7e887", "Priority": 0, "Workload": "AuditAlerting", "Policy": "9e6a79f3-b756-47a6-9a6c-3f82cce2a4f5", "Comment": "Suspicious sending patterns have been observed in your tenant, which may lead to your tenant being blocked from sending emails. Investigate any potentially compromised user and admin accounts, new connectors, or open relays to avoid tenant exceed threshold blocks. -V1.0.0.5", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "bf127ae6-a71d-46fa-8a31-08da9019a851", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "05b9e850-6d9d-4bab-a5c0-f54db2e7e887", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious tenant sending patterns observed", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/Suspicious tenant sending patterns observed", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Suspicious tenant sending patterns observed", "DistinguishedName": "CN=Suspicious tenant sending patterns observed,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1662476909000)\/", "WhenCreated": "\/Date(1662476909000)\/", "WhenChangedUTC": "\/Date(1662476909000)\/", "WhenCreatedUTC": "\/Date(1662476909000)\/", "ExchangeObjectId": "05b9e850-6d9d-4bab-a5c0-f54db2e7e887", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" }, { "Filter": "(Click.IsLookBack -eq 1)", "Operation": null, "LogicalOperationName": null, "NotificationEnabled": true, "NotifyUser": [ "TenantAdmins" ], "Severity": "High", "Threshold": null, "VolumeThreshold": null, "ExternalScenarioData": null, "TimeWindow": null, "NotifyUserOnFilterMatch": false, "MergedRuleXml": null, "StreamType": "None", "ThreatType": "MaliciousUrlClick", "PrivacyManagementScopedSensitiveInformationTypes": null, "PrivacyManagementScopedSensitiveInformationTypesForCounting": null, "PrivacyManagementScopedSensitiveInformationTypesThreshold": null, "AlertBy": null, "AlertFor": null, "AlertScenario": "MaliciousUrlClick", "Scenario": "MaliciousUrlClick", "NotifyUserThrottleThreshold": null, "NotifyUserThrottleWindow": null, "NotifyUserSuppressionExpiryDate": null, "NotificationCulture": null, "AlertOverrideChangedUtc": "\/Date(1720043833063)\/", "AggregationType": "None", "Category": "ThreatManagement", "IsSystemRule": true, "TagFilter": null, "UserTags": null, "RecipientTags": null, "SenderTags": null, "CustomProperties": null, "UseCreatedDateTime": null, "CorrelationPolicyId": "00000000-0000-0000-0000-000000000000", "ReadOnly": false, "ErrorMetadata": null, "ExternalIdentity": "", "ImmutableId": "a74bb32a-541b-47fb-adfd-f8c62ce3d59b", "Priority": 0, "Workload": "AuditAlerting", "Policy": "e9a4983d-9f4e-47b0-80d1-fb2097adb484", "Comment": "We have detected that one of your users has recently clicked on a link that was found to be malicious. -V1.0.0.5", "Disabled": false, "Mode": "Enforce", "ObjectVersion": "93862b30-0045-4564-44b2-08da42ee4857", "MaximumBlobRuleLength": 0, "CreatedBy": "", "LastModifiedBy": "", "Guid": "a74bb32a-541b-47fb-adfd-f8c62ce3d59b", "Identity": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A potentially malicious URL click was detected", "Id": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration/A potentially malicious URL click was detected", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "A potentially malicious URL click was detected", "DistinguishedName": "CN=A potentially malicious URL click was detected,CN=Configuration,CN=f00ed340-8f84-4eb4-83f3-0075a22b262e,OU=Microsoft Exchange Hosted Organizations,DC=FFO,DC=extest,DC=microsoft,DC=com", "ObjectCategory": null, "ObjectClass": [ "msExchUnifiedRule" ], "WhenChanged": "\/Date(1653992040000)\/", "WhenCreated": "\/Date(1554927215000)\/", "WhenChangedUTC": "\/Date(1653992040000)\/", "WhenCreatedUTC": "\/Date(1554927215000)\/", "ExchangeObjectId": "a74bb32a-541b-47fb-adfd-f8c62ce3d59b", "OrganizationalUnitRoot": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e", "OrganizationId": "FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e - FFO.extest.microsoft.com/Microsoft Exchange Hosted Organizations/f00ed340-8f84-4eb4-83f3-0075a22b262e/Configuration", "OriginatingServer": "", "ObjectState": "New" } ], "admin_audit_log_config": [ { "AdminAuditLogEnabled": true, "LogLevel": "None", "TestCmdletLoggingEnabled": false, "AdminAuditLogCmdlets": [ "*" ], "AdminAuditLogParameters": [ "*" ], "AdminAuditLogExcludedCmdlets": [ ], "AdminAuditLogAgeLimit": "90.00:00:00", "LoadBalancerCount": 3, "RefreshInterval": 10, "PartitionInfo": [ ], "AdminAuditLoexamplebox": "", "UnifiedAuditLogIngestionEnabled": true, "UnifiedAuditLogFirstOptInDate": "\/Date(1618327011162)\/", "AdminDisplayName": "", "ExchangeVersion": "0.10 (14.0.100.0)", "Name": "Admin Audit Log Settings", "DistinguishedName": "CN=Admin Audit Log Settings,CN=Global Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Identity": "Admin Audit Log Settings", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Admin-Audit-Log-Config", "ObjectClass": [ "top", "msExchAdminAuditLogConfig" ], "WhenChanged": "\/Date(1733343236000)\/", "WhenCreated": "\/Date(1619484594000)\/", "WhenChangedUTC": "\/Date(1733343236000)\/", "WhenCreatedUTC": "\/Date(1619484594000)\/", "ExchangeObjectId": "35b89a9b-b235-4d67-ba7f-7ddeab032801", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Admin Audit Log Settings", "Guid": "97423bd9-ae36-4a1f-a225-5e007478854f", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Changed" } ], "atp_policy_for_o365": [ { "AdminDisplayName": "", "EnableATPForSPOTeamsODB": true, "EnableSafeDocs": true, "AllowSafeDocsOpen": false, "Identity": "Default", "Id": "Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Default", "DistinguishedName": "CN=Default,CN=Atp Policy For O365,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "\/Date(1734517495000)\/", "WhenCreated": "\/Date(1626469503000)\/", "WhenChangedUTC": "\/Date(1734517495000)\/", "WhenCreatedUTC": "\/Date(1626469503000)\/", "ExchangeObjectId": "2aaee10f-6955-4976-be8b-ac1952fcb627", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "2aaee10f-6955-4976-be8b-ac1952fcb627", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "total_users_without_advanced_audit": 81, "defender_license": true, "defender_dlp_license": true, "defender_successful_commands": [ "Get-AdminAuditLogConfig", "Get-EOPProtectionPolicyRule", "Get-AntiPhishPolicy", "Get-AtpPolicyForO365", "Get-ATPProtectionPolicyRule", "Get-DlpCompliancePolicy", "Get-ProtectionAlert", "Get-DlpComplianceRule", "Get-MgBetaUser" ], "defender_unsuccessful_commands": [ ], "remote_domains": [ { "DomainName": "*", "IsInternal": false, "TargetDeliveryDomain": false, "ByteEncoderTypeFor7BitCharsets": "Undefined", "CharacterSet": "iso-8859-1", "NonMimeCharacterSet": "iso-8859-1", "AllowedOOFType": "External", "SmtpDaneMandatoryModeEnabled": false, "AutoReplyEnabled": true, "AutoForwardEnabled": false, "DeliveryReportEnabled": false, "NDREnabled": true, "MeetingForwardNotificationEnabled": true, "ContentType": "MimeHtmlText", "DisplaySenderName": true, "PreferredInternetCodePageForShiftJis": "Undefined", "RequiredCharsetCoverage": null, "TNEFEnabled": false, "LineWrapSize": "Unlimited", "TrustedMailOutboundEnabled": false, "TrustedMailInboundEnabled": false, "UseSimpleDisplayName": false, "NDRDiagnosticInfoEnabled": true, "MessageCountThreshold": 2147483647, "AdminDisplayName": "", "ExchangeVersion": "0.1 (8.0.535.0)", "Name": "Default", "DistinguishedName": "CN=Default,CN=Internet Message Formats,CN=Global Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Identity": "Default", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Domain-Content-Config", "ObjectClass": [ "top", "msExchDomainContentConfig" ], "WhenChanged": "\/Date(1734513819000)\/", "WhenCreated": "\/Date(1619484412000)\/", "WhenChangedUTC": "\/Date(1734513819000)\/", "WhenCreatedUTC": "\/Date(1619484412000)\/", "ExchangeObjectId": "2042facf-0e9e-4738-ad60-56d6c5d43b5d", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Default", "Guid": "5c597b00-69f6-44cf-b30b-474fb38a1e0a", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Unchanged" } ], "spf_records": [ { "domain": "tqhjy.onmicrosoft.com", "rdata": [ "v=spf1 include:spf.protection.outlook.com -all", "mscid=d/1e071KOhkmP8Aanr5sNgUqyTBrvrMx5nKSswPxu5ZsqL0bdAgVo3m7f5VYu+inbKA5YviUPzz/SxNS0ploJQ==" ], "log": [ { "query_method": "traditional", "query_result": "Query returned 2 txt records", "query_name": "tqhjy.onmicrosoft.com" } ] }, { "domain": "tqhjy.mail.onmicrosoft.com", "rdata": [ "v=spf1 include:outlook.com -all" ], "log": [ { "query_method": "traditional", "query_result": "Query returned 1 txt records", "query_name": "tqhjy.mail.onmicrosoft.com" } ] } ], "dkim_config": [ { "Domain": "tqhjy.onmicrosoft.com", "AdminDisplayName": "", "Selector1KeySize": 2048, "Selector1CNAME": "selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector1PublicKey": "v=DKIM1; k=rsa; p=Tm90aGluZyB0byBzZWUgaGVyZS4gIE1vdmUgYWxvbmcuLi4gbW92ZSBhbG9uZy4;", "Selector2KeySize": 2048, "Selector2CNAME": "selector2-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector2PublicKey": "v=DKIM1; k=rsa; p=Tm90aGluZyB0byBzZWUgaGVyZS4gIE1vdmUgYWxvbmcuLi4gbW92ZSBhbG9uZy4;", "Enabled": true, "IsDefault": true, "HeaderCanonicalization": "Relaxed", "BodyCanonicalization": "Relaxed", "Algorithm": "RsaSHA256", "NumberOfBytesToSign": "All", "IncludeSignatureCreationTime": true, "IncludeKeyExpiration": false, "KeyCreationTime": "\/Date(1653603718610)\/", "LastChecked": "\/Date(1653603718610)\/", "RotateOnDate": "\/Date(1653949318610)\/", "SelectorBeforeRotateOnDate": "selector1", "SelectorAfterRotateOnDate": "selector2", "Status": "Valid", "Identity": "tqhjy.onmicrosoft.com", "Id": "tqhjy.onmicrosoft.com", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "tqhjy.onmicrosoft.com", "DistinguishedName": "CN=tqhjy.onmicrosoft.com,CN=Dkim Signing config,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "\/Date(1723812070000)\/", "WhenCreated": "\/Date(1619484596000)\/", "WhenChangedUTC": "\/Date(1723812070000)\/", "WhenCreatedUTC": "\/Date(1619484596000)\/", "ExchangeObjectId": "ea1866b3-b7fa-4dbe-b9c9-48087391a536", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "476371c0-bf15-4101-84a7-a3a03b4266f1", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" }, { "Domain": "tqhjy.mail.onmicrosoft.com", "AdminDisplayName": "", "Selector1KeySize": 2048, "Selector1CNAME": "selector1-tqhjy-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector1PublicKey": "v=DKIM1; k=rsa; p=Tm90aGluZyB0byBzZWUgaGVyZS4gIE1vdmUgYWxvbmcuLi4gbW92ZSBhbG9uZy4;", "Selector2KeySize": 2048, "Selector2CNAME": "selector2-tqhjy-mail-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com", "Selector2PublicKey": "v=DKIM1; k=rsa; p=Tm90aGluZyB0byBzZWUgaGVyZS4gIE1vdmUgYWxvbmcuLi4gbW92ZSBhbG9uZy4;", "Enabled": false, "IsDefault": false, "HeaderCanonicalization": "Relaxed", "BodyCanonicalization": "Relaxed", "Algorithm": "RsaSHA256", "NumberOfBytesToSign": "All", "IncludeSignatureCreationTime": true, "IncludeKeyExpiration": false, "KeyCreationTime": "\/Date(1701717485274)\/", "LastChecked": "\/Date(1701717485274)\/", "RotateOnDate": "\/Date(1701717485274)\/", "SelectorBeforeRotateOnDate": "selector2", "SelectorAfterRotateOnDate": "selector1", "Status": "Valid", "Identity": "tqhjy.mail.onmicrosoft.com", "Id": "tqhjy.mail.onmicrosoft.com", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "tqhjy.mail.onmicrosoft.com", "DistinguishedName": "CN=tqhjy.mail.onmicrosoft.com,CN=Dkim Signing config,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Content-Filter-Config", "ObjectClass": [ "top", "msExchHostedContentFilterConfig" ], "WhenChanged": "\/Date(1723860474000)\/", "WhenCreated": "\/Date(1701717486000)\/", "WhenChangedUTC": "\/Date(1723860474000)\/", "WhenCreatedUTC": "\/Date(1701717486000)\/", "ExchangeObjectId": "7b3222de-5b72-4493-8491-930b8a85faa0", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "7b3222de-5b72-4493-8491-930b8a85faa0", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "dkim_records": [ { "domain": "tqhjy.onmicrosoft.com", "rdata": [ "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohoPDhGToRO8y7acaWL2w15wsCmwabxgTwODro2c1BeRYXfnUMStICo3w4ZrYDtGZDSA7hm0x7OHujF1CoQnXiBmrQ154wtomPyx3Op/VC6+b9di4z15XBvhXh/fLBUdEJ6wsybMLmQ+WPQA6vsM3UN5Cv5rl2SylFoM//eLmw5R6NmMIj3GQg9b+vQl2cKNX", "qII2gZrB07P6xt2wW1VA/LPjdRFUEys9YzBgOqM53VaODWDXDIvUH/nPRVAtOEsV19u66jyzZnzcz9a7ATxizix7DnySzI3koVlOGi/+dLx8FYIAZ/75wkH1O/gH8/n4C66uwRm/PMW+4JzVwLY+QIDAQAB;" ], "log": [ { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector1._domainkey.tqhjy.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector2._domainkey.tqhjy.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned 2 txt records", "query_name": "selector1-tqhjy-onmicrosoft-com._domainkey.tqhjy.onmicrosoft.com" } ] }, { "domain": "tqhjy.mail.onmicrosoft.com", "rdata": [ ], "log": [ { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector1._domainkey.tqhjy.mail.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector2._domainkey.tqhjy.mail.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector1-tqhjy-mail-onmicrosoft-com._domainkey.tqhjy.mail.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "selector2-tqhjy-mail-onmicrosoft-com._domainkey.tqhjy.mail.onmicrosoft.com" } ] } ], "dmarc_records": [ { "domain": "tqhjy.onmicrosoft.com", "rdata": [ ], "log": [ { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "_dmarc.tqhjy.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "_dmarc.onmicrosoft.com" } ] }, { "domain": "tqhjy.mail.onmicrosoft.com", "rdata": [ ], "log": [ { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "_dmarc.tqhjy.mail.onmicrosoft.com" }, { "query_method": "traditional", "query_result": "Query returned NXDomain", "query_name": "_dmarc.onmicrosoft.com" } ] } ], "transport_config": [ { "Name": "Transport Settings", "TLSReceiveDomainSecureList": [ ], "TLSSendDomainSecureList": [ ], "GenerateCopyOfDSNFor": [ ], "InternalSMTPServers": [ ], "JournalingReportNdrTo": "<>", "OrganizationFederatedMailbox": "johndoe@example.com", "MaxDumpsterSizePerDatabase": "18 MB (18,874,368 bytes)", "MaxDumpsterTime": "7.00:00:00", "VerifySecureSubmitEnabled": false, "ClearCategories": true, "AddressBookPolicyRoutingEnabled": false, "ConvertDisclaimerWrapperToEml": false, "PreserveReportBodypart": true, "ConvertReportToMessage": false, "DSNConversionMode": "PreserveDSNBody", "VoicemailJournalingEnabled": true, "HeaderPromotionModeSetting": "NoCreate", "Xexch50Enabled": true, "Rfc2231EncodingEnabled": false, "OpenDomainRoutingEnabled": false, "MaxReceiveSize": "Unlimited", "MaxRecipientEnvelopeLimit": "Unlimited", "MaxSendSize": "Unlimited", "ExternalDelayDsnEnabled": true, "ExternalDsnDefaultLanguage": null, "ExternalDsnLanguageDetectionEnabled": true, "ExternalDsnMaxMessageAttachSize": "10 MB (10,485,760 bytes)", "ExternalDsnReportingAuthority": null, "ExternalDsnSendHtml": true, "ExternalPostmasterAddress": null, "InternalDelayDsnEnabled": true, "InternalDsnDefaultLanguage": null, "InternalDsnLanguageDetectionEnabled": true, "InternalDsnMaxMessageAttachSize": "10 MB (10,485,760 bytes)", "InternalDsnReportingAuthority": null, "InternalDsnSendHtml": true, "SupervisionTags": [ "Reject", "Allow" ], "HygieneSuite": "Premium", "MigrationEnabled": true, "LegacyJournalingMigrationEnabled": false, "LegacyArchiveJournalingEnabled": false, "RedirectDLMessagesForLegacyArchiveJournaling": false, "RedirectUnprovisionedUserMessagesForLegacyArchiveJournaling": false, "LegacyArchiveLiveJournalingEnabled": false, "JournalArchivingEnabled": false, "SafetyNetHoldTime": "7.00:00:00", "TransportRuleConfig": [ "TransportRuleMinProductVersion:14.0.0.0", "TransportRuleRegexValidationTimeout:00:00:00.3000000", "TransportRuleAttachmentTextScanLimit:1 MB (1,048,576 bytes)", "TransportRuleSizeLimit:8 KB (8,192 bytes)", "TransportRuleCollectionRegexCharsLimit:20 KB (20,480 bytes)", "TransportRuleLimit:300", "TransportRuleCollectionAddedRecipientsLimit:100" ], "TransportRuleCollectionAddedRecipientsLimit": 100, "TransportRuleLimit": 300, "TransportRuleCollectionRegexCharsLimit": "20 KB (20,480 bytes)", "TransportRuleSizeLimit": "8 KB (8,192 bytes)", "TransportRuleAttachmentTextScanLimit": "1 MB (1,048,576 bytes)", "TransportRuleRegexValidationTimeout": "00:00:00.3000000", "TransportRuleMinProductVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "AnonymousSenderToRecipientRatePerHour": 1800, "QueueDiagnosticsAggregationInterval": "00:01:00", "JournalReportDLMemberSubstitutionEnabled": false, "DiagnosticsAggregationServicePort": 9710, "AgentGeneratedMessageLoopDetectionInSubmissionEnabled": true, "AgentGeneratedMessageLoopDetectionInSmtpEnabled": true, "MaxAllowedAgentGeneratedMessageDepth": 3, "MaxAllowedAgentGeneratedMessageDepthPerAgent": 2, "AttributionRejectConsumerMessages": false, "AttributionRejectBeforeMServRequest": false, "SmtpClientAuthenticationDisabled": true, "JournalMessageExpirationDays": 0, "PreventDuplicateJournalingEnabled": false, "ReplyAllStormProtectionEnabled": true, "ReplyAllStormDetectionMinimumRecipients": 2500, "ReplyAllStormDetectionMinimumReplies": 10, "AllowLegacyTLSClients": null, "ReplyAllStormBlockDurationHours": 6, "MessageExpiration": "1.00:00:00", "EnableExternalHTTPMailDelivery": false, "OtherWellKnownObjects": [ ], "AdminDisplayName": "", "ExchangeVersion": "0.1 (8.0.535.0)", "DistinguishedName": "CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Identity": "Transport Settings", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Transport-Settings", "ObjectClass": [ "top", "container", "msExchTransportSettings" ], "WhenChanged": "\/Date(1734514051000)\/", "WhenCreated": "\/Date(1619484398000)\/", "WhenChangedUTC": "\/Date(1734514051000)\/", "WhenCreatedUTC": "\/Date(1619484398000)\/", "ExchangeObjectId": "7ef195bd-4f88-46bc-97e6-db6c7665321b", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Transport Settings", "Guid": "01d25010-40a8-4d0a-9419-fb1d775b4d16", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Unchanged" } ], "sharing_policy": [ { "Domains": [ "Anonymous:0" ], "Enabled": false, "Default": true, "AdminDisplayName": "", "ExchangeVersion": "0.10 (14.0.100.0)", "Name": "Default Sharing Policy", "DistinguishedName": "CN=Default Sharing Policy,CN=Federation,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Identity": "Default Sharing Policy", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Sharing-Policy", "ObjectClass": [ "top", "msExchSharingPolicy" ], "WhenChanged": "\/Date(1723848739000)\/", "WhenCreated": "\/Date(1619484547000)\/", "WhenChangedUTC": "\/Date(1723848739000)\/", "WhenCreatedUTC": "\/Date(1619484547000)\/", "ExchangeObjectId": "2d52a1ae-4c17-42e0-925e-919b2bf68a18", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Id": "Default Sharing Policy", "Guid": "137df5c0-4fe4-49bb-923c-e2bdfd89f448", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "IsValid": true, "ObjectState": "Changed" } ], "transport_rule": [ { "Priority": 0, "DlpPolicy": null, "DlpPolicyId": "00000000-0000-0000-0000-000000000000", "Comments": null, "CreatedBy": "John Doe", "LastModifiedBy": "Microsoft Exchange", "ManuallyModified": false, "ActivationDate": null, "ExpiryDate": null, "Description": "If the message:\r\n\tIs received from 'Outside the organization'\r\nTake the following actions:\r\n\tPrepend the subject with '[External]'\r\n", "RuleVersion": { "Major": 14, "Minor": 0, "Build": 0, "Revision": 0, "MajorRevision": 0, "MinorRevision": 0 }, "Size": 382, "Conditions": [ "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.FromScopePredicate" ], "Exceptions": null, "Actions": [ "Microsoft.Exchange.MessagingPolicies.Rules.Tasks.PrependSubjectAction" ], "State": "Enabled", "Mode": "Enforce", "IsRuleConfigurationSupported": true, "RuleConfigurationUnsupportedReason": "", "RuleErrorAction": "Ignore", "SenderAddressLocation": "Header", "RecipientAddressType": "Resolved", "RuleSubType": "None", "RegexSize": 0, "UseLegacyRegex": false, "From": null, "FromMemberOf": null, "FromScope": "NotInOrganization", "SentTo": null, "SentToMemberOf": null, "SentToScope": null, "BetweenMemberOf1": null, "BetweenMemberOf2": null, "ManagerAddresses": null, "ManagerForEvaluatedUser": null, "SenderManagementRelationship": null, "ADComparisonAttribute": null, "ADComparisonOperator": null, "SenderADAttributeContainsWords": null, "SenderADAttributeMatchesPatterns": null, "RecipientADAttributeContainsWords": null, "RecipientADAttributeMatchesPatterns": null, "AnyOfToHeader": null, "AnyOfToHeaderMemberOf": null, "AnyOfCcHeader": null, "AnyOfCcHeaderMemberOf": null, "AnyOfToCcHeader": null, "AnyOfToCcHeaderMemberOf": null, "HasClassification": null, "HasNoClassification": false, "SubjectContainsWords": null, "SubjectOrBodyContainsWords": null, "HeaderContainsMessageHeader": null, "HeaderContainsWords": null, "FromAddressContainsWords": null, "SenderDomainIs": null, "RecipientDomainIs": null, "SubjectMatchesPatterns": null, "SubjectOrBodyMatchesPatterns": null, "HeaderMatchesMessageHeader": null, "HeaderMatchesPatterns": null, "FromAddressMatchesPatterns": null, "AttachmentNameMatchesPatterns": null, "AttachmentExtensionMatchesWords": null, "AttachmentPropertyContainsWords": null, "ContentCharacterSetContainsWords": null, "HasSenderOverride": false, "MessageContainsDataClassifications": null, "MessageContainsAllDataClassifications": null, "SenderIpRanges": null, "SCLOver": null, "AttachmentSizeOver": null, "MessageSizeOver": null, "WithImportance": null, "MessageTypeMatches": null, "RecipientAddressContainsWords": null, "RecipientAddressMatchesPatterns": null, "SenderInRecipientList": null, "RecipientInSenderList": null, "AttachmentContainsWords": null, "AttachmentMatchesPatterns": null, "AttachmentIsUnsupported": false, "AttachmentProcessingLimitExceeded": false, "AttachmentHasExecutableContent": false, "AttachmentIsPasswordProtected": false, "AnyOfRecipientAddressContainsWords": null, "AnyOfRecipientAddressMatchesPatterns": null, "ExceptIfFrom": null, "ExceptIfFromMemberOf": null, "ExceptIfFromScope": null, "ExceptIfSentTo": null, "ExceptIfSentToMemberOf": null, "ExceptIfSentToScope": null, "ExceptIfBetweenMemberOf1": null, "ExceptIfBetweenMemberOf2": null, "ExceptIfManagerAddresses": null, "ExceptIfManagerForEvaluatedUser": null, "ExceptIfSenderManagementRelationship": null, "ExceptIfADComparisonAttribute": null, "ExceptIfADComparisonOperator": null, "ExceptIfSenderADAttributeContainsWords": null, "ExceptIfSenderADAttributeMatchesPatterns": null, "ExceptIfRecipientADAttributeContainsWords": null, "ExceptIfRecipientADAttributeMatchesPatterns": null, "ExceptIfAnyOfToHeader": null, "ExceptIfAnyOfToHeaderMemberOf": null, "ExceptIfAnyOfCcHeader": null, "ExceptIfAnyOfCcHeaderMemberOf": null, "ExceptIfAnyOfToCcHeader": null, "ExceptIfAnyOfToCcHeaderMemberOf": null, "ExceptIfHasClassification": null, "ExceptIfHasNoClassification": false, "ExceptIfSubjectContainsWords": null, "ExceptIfSubjectOrBodyContainsWords": null, "ExceptIfHeaderContainsMessageHeader": null, "ExceptIfHeaderContainsWords": null, "ExceptIfFromAddressContainsWords": null, "ExceptIfSenderDomainIs": null, "ExceptIfRecipientDomainIs": null, "ExceptIfSubjectMatchesPatterns": null, "ExceptIfSubjectOrBodyMatchesPatterns": null, "ExceptIfHeaderMatchesMessageHeader": null, "ExceptIfHeaderMatchesPatterns": null, "ExceptIfFromAddressMatchesPatterns": null, "ExceptIfAttachmentNameMatchesPatterns": null, "ExceptIfAttachmentExtensionMatchesWords": null, "ExceptIfAttachmentPropertyContainsWords": null, "ExceptIfContentCharacterSetContainsWords": null, "ExceptIfSCLOver": null, "ExceptIfAttachmentSizeOver": null, "ExceptIfMessageSizeOver": null, "ExceptIfWithImportance": null, "ExceptIfMessageTypeMatches": null, "ExceptIfRecipientAddressContainsWords": null, "ExceptIfRecipientAddressMatchesPatterns": null, "ExceptIfSenderInRecipientList": null, "ExceptIfRecipientInSenderList": null, "ExceptIfAttachmentContainsWords": null, "ExceptIfAttachmentMatchesPatterns": null, "ExceptIfAttachmentIsUnsupported": false, "ExceptIfAttachmentProcessingLimitExceeded": false, "ExceptIfAttachmentHasExecutableContent": false, "ExceptIfAttachmentIsPasswordProtected": false, "ExceptIfAnyOfRecipientAddressContainsWords": null, "ExceptIfAnyOfRecipientAddressMatchesPatterns": null, "ExceptIfHasSenderOverride": false, "ExceptIfMessageContainsDataClassifications": null, "ExceptIfMessageContainsAllDataClassifications": null, "ExceptIfSenderIpRanges": null, "PrependSubject": "[External]", "SetAuditSeverity": null, "ApplyClassification": null, "ApplyHtmlDisclaimerLocation": null, "ApplyHtmlDisclaimerText": null, "ApplyHtmlDisclaimerFallbackAction": null, "ApplyRightsProtectionTemplate": null, "ApplyRightsProtectionCustomizationTemplate": null, "SetSCL": null, "SetHeaderName": null, "SetHeaderValue": null, "RemoveHeader": null, "AddToRecipients": null, "CopyTo": null, "BlindCopyTo": null, "AddManagerAsRecipientType": null, "ModerateMessageByUser": null, "ModerateMessageByManager": false, "RedirectMessageTo": null, "RejectMessageEnhancedStatusCode": null, "RejectMessageReasonText": null, "DeleteMessage": false, "Disconnect": false, "Quarantine": false, "SmtpRejectMessageRejectText": null, "SmtpRejectMessageRejectStatusCode": null, "LogEventText": null, "StopRuleProcessing": false, "SenderNotificationType": null, "GenerateIncidentReport": null, "IncidentReportContent": null, "RouteMessageOutboundConnector": null, "RouteMessageOutboundRequireTls": false, "ApplyOME": false, "RemoveOME": false, "RemoveOMEv2": false, "RemoveRMSAttachmentEncryption": false, "GenerateNotification": null, "Identity": "Sender is located outside the organization prepend \"[External]\"", "DistinguishedName": "CN=Sender is located outside the organization prepend \\\"[External]\\\",CN=TransportVersioned,CN=Rules,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "Guid": "d60d0c37-4f9d-4bcb-8b5e-2c91edfd4cbb", "ImmutableId": "d60d0c37-4f9d-4bcb-8b5e-2c91edfd4cbb", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Name": "Sender is located outside the organization prepend \"[External]\"", "IsValid": true, "WhenChanged": "\/Date(1734514187000)\/", "ExchangeVersion": "0.1 (8.0.535.0)", "ObjectState": "Unchanged" } ], "conn_filter": [ { "AdminDisplayName": "", "IsDefault": true, "IPAllowList": [ ], "IPBlockList": [ ], "EnableSafeList": false, "DirectoryBasedEdgeBlockMode": "Default", "Identity": "Default", "Id": "Default", "IsValid": true, "ExchangeVersion": "0.20 (15.0.0.0)", "Name": "Default", "DistinguishedName": "CN=Default,CN=Hosted Connection Filter,CN=Transport Settings,CN=Configuration,CN=tqhjy.onmicrosoft.com,CN=ConfigurationUnits,DC=NAMPR09A006,DC=PROD,DC=OUTLOOK,DC=COM", "ObjectCategory": "NAMPR09A006.PROD.OUTLOOK.COM/Configuration/Schema/ms-Exch-Hosted-Connection-Filter-Policy", "ObjectClass": [ "top", "msExchHostedConnectionFilterPolicy" ], "WhenChanged": "\/Date(1734514523000)\/", "WhenCreated": "\/Date(1619484586000)\/", "WhenChangedUTC": "\/Date(1734514523000)\/", "WhenCreatedUTC": "\/Date(1619484586000)\/", "ExchangeObjectId": "7021b7cf-b9fa-4280-94ff-fba468dbb0ab", "OrganizationalUnitRoot": "tqhjy.onmicrosoft.com", "OrganizationId": "NAMPR09A006.PROD.OUTLOOK.COM/Microsoft Exchange Hosted Organizations/tqhjy.onmicrosoft.com - NAMPR09A006.PROD.OUTLOOK.COM/ConfigurationUnits/tqhjy.onmicrosoft.com/Configuration", "Guid": "ddb99cb3-211b-47ee-bc9c-86e6c8d0e692", "OriginatingServer": "BY1PR09A06DC005.NAMPR09A006.PROD.OUTLOOK.COM", "ObjectState": "Unchanged" } ], "org_config": [ { "Name": "tqhjy.onmicrosoft.com", "DisplayName": "tqhjy", "AuditDisabled": false } ], "exo_successful_commands": [ "Get-RemoteDomain", "Get-AcceptedDomain", "Get-ScubaSpfRecord", "Get-DkimSigningConfig", "Get-ScubaDkimRecord", "Get-ScubaDmarcRecord", "Get-TransportConfig", "Get-SharingPolicy", "Get-TransportRule", "Get-HostedConnectionFilterPolicy", "Get-OrganizationConfig" ], "exo_unsuccessful_commands": [ ], "tenant_id": "3c19c757-3b55-411f-b03f-2bcc514a598d", "environment_creation": [ { "walkMeOptOut": false, "disableNPSCommentsReachout": false, "disableNewsletterSendout": false, "disableEnvironmentCreationByNonAdminUsers": true, "disablePortalsCreationByNonAdminUsers": true, "disableSurveyFeedback": false, "disableSurveyScreenshots": false, "disableTrialEnvironmentCreationByNonAdminUsers": true, "disableCapacityAllocationByEnvironmentAdmins": false, "disableSupportTicketsVisibleByAllUsers": true, "powerPlatform": { "search": "@{disableDocsSearch=True; disableCommunitySearch=False; disableBingVideoSearch=False}", "teamsIntegration": "@{shareWithColleaguesUserLimit=10000}", "powerApps": "@{disableShareWithEveryone=True; enableGuestsToMake=False; disableMakerMatch=False; disableUnusedLicenseAssignment=False; disableCreateFromImage=False; disableCreateFromFigma=False; enableCanvasAppInsights=True; disableConnectionSharingWithEveryone=False; allowNewOrgChannelDefault=True; disableCopilot=False}", "powerAutomate": "@{disableCopilot=False; disableCopilotWithBing=False; disableFlowRunResubmission=True}", "environments": "@{disablePreferredDataLocationForTeamsEnvironment=False}", "governance": "@{disableAdminDigest=False; disableDeveloperEnvironmentCreationByNonAdminUsers=True; enableDefaultEnvironmentRouting=False; policy=; environmentRoutingAllMakers=False}", "licensing": "@{disableBillingPolicyCreationByNonAdminUsers=False; enableTenantCapacityReportForEnvironmentAdmins=False; storageCapacityConsumptionWarningThreshold=85; enableTenantLicensingReportForEnvironmentAdmins=False; disableUseOfUnassignedAIBuilderCredits=False}", "powerPages": "@{enableGenerativeAIFeaturesForSiteUsers=All; enableExternalAuthenticationProvidersInPowerPages=All}", "champions": "@{disableChampionsInvitationReachout=False; disableSkillsMatchInvitationReachout=False}", "intelligence": "@{disableCopilot=True; enableOpenAiBotPublishing=False; disableCopilotFeedback=False; disableCopilotFeedbackMetadata=True; disableAiPrompts=False}", "modelExperimentation": "@{enableModelDataSharing=False; disableDataLogging=False}", "catalogSettings": "@{powerCatalogAudienceSetting=All}", "userManagementSettings": "@{enableDeleteDisabledUserinAllEnvironments=False}", "helpSupportSettings": "@{disableHelpSupportCopilot=False; useSupportBingSearchByAllUsers=True}", "gccCommercialSettings": "@{disableGccCommercialAccess=True}" } } ], "dlp_policies": [ { "value": [ { "name": "41c09ec8-1816-4577-8c00-36202b97d9b0", "displayName": "DLP functional test", "defaultConnectorsClassification": "General", "connectorGroups": [ { "classification": "Confidential", "connectors": [ ] }, { "classification": "General", "connectors": [ ] }, { "classification": "Blocked", "connectors": [ ] } ], "environmentType": "SingleEnvironment", "environments": [ { "id": "/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments/Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "name": "Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "type": "Microsoft.BusinessAppPlatform/scopes/environments" } ], "createdBy": { "displayName": "Service Principal (b757a8ea-3bfd-43eb-8f91-a0f9c05b5c27)" }, "createdTime": "2024-12-18T12:42:45.3804868Z", "lastModifiedBy": { "displayName": "Service Principal (b757a8ea-3bfd-43eb-8f91-a0f9c05b5c27)" }, "lastModifiedTime": "2024-12-18T12:42:45.3804868Z", "etag": "65d6baba-0020-497e-b65e-b45bf0fd436b", "isLegacySchemaVersion": true } ] } ], "tenant_isolation": [ { "properties": { "tenantId": "27ecc021-87f7-4346-9682-b62bf3966808", "isDisabled": false, "allowedTenants": "" } } ], "environment_list": [ { "EnvironmentName": "Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "DisplayName": "tqhjy (default) (org8537b7dc)", "Description": null, "IsDefault": true, "Location": "usgov", "CreatedTime": "2021-12-13T20:40:14.1749137Z", "CreatedBy": { "id": "SYSTEM", "displayName": "SYSTEM", "type": "NotSpecified" }, "LastModifiedTime": null, "LastModifiedBy": null, "CreationType": "DefaultTenant", "EnvironmentType": "Default", "CommonDataServiceDatabaseProvisioningState": "Succeeded", "CommonDataServiceDatabaseType": "Common Data Service for Apps", "Internal": { "id": "/providers/Microsoft.BusinessAppPlatform/scopes/admin/environments/Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "type": "Microsoft.BusinessAppPlatform/scopes/environments", "location": "usgov", "name": "Default-3c19c757-3b55-411f-b03f-2bcc514a598d", "properties": "@{tenantId=27ecc021-87f7-4346-9682-b62bf3966808; azureRegionHint=usgovtexas; displayName=tqhjy (default) (org8537b7dc); createdTime=2021-12-13T20:40:14.1749137Z; createdBy=; provisioningState=Succeeded; creationType=DefaultTenant; environmentSku=Default; environmentType=Production; isDefault=True; permissions=; runtimeEndpoints=; linkedEnvironmentMetadata=; trialScenarioType=None; retentionPeriod=P7D; states=; updateCadence=; retentionDetails=; protectionStatus=; cluster=; connectedGroups=System.Object[]; lifecycleOperationsEnforcement=; governanceConfiguration=; bingChatEnabled=False; enableAnalyticsForMakers=True}" }, "InternalCds": null, "OrganizationId": "ff4adc41-8f11-42a1-9e5a-d208f91a6db4", "RetentionPeriod": 7 } ], "powerplatform_successful_commands": [ "Get-TenantDetailsFromGraph", "Get-TenantSettings", "Get-AdminPowerAppEnvironment", "Get-DlpPolicy", "Get-PowerAppTenantIsolationPolicy" ], "powerplatform_unsuccessful_commands": [ ], "SPO_tenant": [ { "StorageQuota": 1355776, "BonusStorageQuotaMB": 0, "StorageQuotaAllocated": 0, "ResourceQuota": 0, "ResourceQuotaAllocated": 0, "OneDriveStorageQuota": 1048576, "CompatibilityRange": "15,15", "ExternalServicesEnabled": true, "NoAccessRedirectUrl": null, "ArchiveRedirectUrl": null, "SharingCapability": 0, "DisplayStartASiteOption": true, "StartASiteFormUrl": null, "ShowEveryoneClaim": false, "ShowAllUsersClaim": false, "OfficeClientADALDisabled": false, "LegacyAuthProtocolsEnabled": false, "DisableCustomAppAuthentication": true, "IsSharePointAddInsDisabled": false, "SiteOwnerManageLegacyServicePrincipalEnabled": false, "ShowEveryoneExceptExternalUsersClaim": true, "AllowEveryoneExceptExternalUsersClaimInPrivateSite": true, "SearchResolveExactEmailOrUPN": false, "RequireAcceptingAccountMatchInvitedAccount": false, "ProvisionSharedWithEveryoneFolder": false, "SignInAccelerationDomain": "", "EnableGuestSignInAcceleration": false, "UsePersistentCookiesForExplorerView": false, "ContentTypeSyncSiteTemplatesList": [ ], "BccExternalSharingInvitations": false, "BccExternalSharingInvitationsList": null, "UserVoiceForFeedbackEnabled": true, "PublicCdnEnabled": false, "PublicCdnAllowedFileTypes": "CSS,EOT,GIF,ICO,JPEG,JPG,JS,MAP,PNG,SVG,TTF,WOFF", "PublicCdnOrigins": [ ], "RequireAnonymousLinksExpireInDays": 30, "SharingAllowedDomainList": "admirable.us good.org", "SharingBlockedDomainList": "evil.is.us nefarious.com", "SharingDomainRestrictionMode": 1, "OneDriveForGuestsEnabled": false, "IPAddressEnforcement": false, "IPAddressAllowList": "", "IPAddressWACTokenLifetime": 15, "EnableTenantRestrictionsInsights": false, "EnablePromotedFileHandlers": true, "UseFindPeopleInPeoplePicker": false, "DefaultSharingLinkType": 1, "ODBMembersCanShare": 0, "ODBAccessRequests": 0, "PreventExternalUsersFromResharing": true, "ShowPeoplePickerSuggestionsForGuestUsers": false, "AppOnlyBypassPeoplePickerPolicies": false, "EnableDiscoverableByOrganizationForVideos": true, "FileAnonymousLinkType": 2, "FolderAnonymousLinkType": 2, "NotifyOwnersWhenItemsReshared": true, "NotifyOwnersWhenInvitationsAccepted": false, "NotificationsInOneDriveForBusinessEnabled": true, "NotificationsInSharePointEnabled": true, "SpecialCharactersStateInFileFolderNames": 1, "OwnerAnonymousNotification": true, "CommentsOnSitePagesDisabled": false, "CommentsOnFilesDisabled": false, "CommentsOnListItemsDisabled": false, "ViewersCanCommentOnMediaDisabled": false, "SocialBarOnSitePagesDisabled": false, "OrphanedPersonalSitesRetentionPeriod": 90, "PermissiveBrowserFileHandlingOverride": false, "DisallowInfectedFileDownload": false, "DefaultLinkPermission": 1, "CustomizedExternalSharingServiceUrl": "", "ConditionalAccessPolicy": 0, "AllowDownloadingNonWebViewableFiles": true, "LimitedAccessFileType": 1, "AllowEditing": true, "ApplyAppEnforcedRestrictionsToAdHocRecipients": true, "FilePickerExternalImageSearchEnabled": true, "EmailAttestationRequired": true, "EmailAttestationReAuthDays": 29, "DisabledWebPartIds": null, "EnableMinimumVersionRequirement": true, "MarkNewFilesSensitiveByDefault": 0, "EnableAIPIntegration": false, "AllowCommentsTextOnEmailEnabled": true, "ConditionalAccessPolicyErrorHelpLink": "", "EnableAzureADB2BIntegration": false, "IncludeAtAGlanceInShareEmails": true, "ExternalUserExpirationRequired": true, "ExternalUserExpireInDays": 100, "BlockDownloadLinksFileType": 1, "AnyoneLinkTrackUsers": false, "OneDriveLoopDefaultSharingLinkScope": -1, "OneDriveLoopDefaultSharingLinkRole": 0, "OneDriveRequestFilesLinkEnabled": false, "OneDriveRequestFilesLinkExpirationInDays": 1, "OneDriveSharingCapability": 0, "OneDriveDefaultShareLinkScope": -1, "OneDriveDefaultShareLinkRole": 0, "OneDriveDefaultLinkToExistingAccess": false, "OneDriveBlockGuestsAsSiteAdmin": 0, "CoreLoopDefaultSharingLinkScope": -1, "CoreLoopDefaultSharingLinkRole": 0, "CoreSharingCapability": 0, "CoreRequestFilesLinkEnabled": false, "CoreRequestFilesLinkExpirationInDays": 10, "CoreDefaultShareLinkScope": -1, "CoreDefaultShareLinkRole": 0, "CoreDefaultLinkToExistingAccess": false, "CoreBlockGuestsAsSiteAdmin": 0, "BlockAppAccessWithAuthenticationContext": false, "AllowAnonymousMeetingParticipantsToAccessWhiteboards": 0, "Workflows2013State": 2, "IsFluidEnabled": true, "IsWBFluidEnabled": true, "IsCollabMeetingNotesFluidEnabled": true, "IsLoopEnabled": true, "DisableDocumentLibraryDefaultLabeling": false, "EnableSensitivityLabelForPDF": false, "BlockSendLabelMismatchEmail": false, "LabelMismatchEmailHelpLink": null, "DisableAddShortcutsToOneDrive": false, "EnableAutoNewsDigest": true, "Workflow2010Disabled": true, "StopNew2010Workflows": false, "StopNew2013Workflows": false, "DisableBackToClassic": false, "BlockUserInfoVisibility": "ExternalPeopleInOD", "BlockUserInfoVisibilityInOneDrive": 1, "BlockUserInfoVisibilityInSharePoint": 0, "AllowOverrideForBlockUserInfoVisibility": false, "InformationBarriersSuspension": true, "IBImplicitGroupBased": false, "AppBypassInformationBarriers": false, "DefaultOneDriveInformationBarrierMode": "Explicit", "AllOrganizationSecurityGroupId": null, "DisablePersonalListCreation": false, "DisabledModernListTemplateIds": [ ], "DisableSpacesActivation": false, "DisableVivaConnectionsAnalytics": false, "HideSyncButtonOnTeamSite": false, "AllowGuestUserShareToUsersNotInSiteCollection": false, "DisableOutlookPSTVersionTrimming": false, "EnableVersionExpirationSetting": true, "EnableAutoExpirationVersionTrim": false, "ExpireVersionsAfterDays": 0, "MajorVersionLimit": 500, "StreamLaunchConfig": 0, "MediaTranscription": 0, "MediaTranscriptionAutomaticFeatures": 0, "ViewInFileExplorerEnabled": false, "AuthContextResilienceMode": 0, "ReduceTempTokenLifetimeEnabled": false, "ReduceTempTokenLifetimeValue": 15, "ShowOpenInDesktopOptionForSyncedFiles": false, "ShowPeoplePickerGroupSuggestionsForIB": false, "EnableRestrictedAccessControl": false, "BlockDownloadFileTypePolicy": false, "BlockDownloadFileTypeIds": [ ], "ExcludedBlockDownloadGroupIds": [ ], "TlsTokenBindingPolicyValue": 0, "LegacyBrowserAuthProtocolsEnabled": true, "RecycleBinRetentionPeriod": 93, "IsEnableAppAuthPopUpEnabled": false, "IsDataAccessInCardDesignerEnabled": false, "MassDeleteNotificationDisabled": false, "BusinessConnectivityServiceDisabled": false, "RansomwareProtectionEnabled": false, "AllowSensitivityLabelOnRecords": false, "DelayDenyAddAndCustomizePagesEnforcement": false, "EsignatureEnabled": false, "ESignatureSiteList": [ ], "ESignatureThirdPartyProviderInfoList": [ "\"{\\\"ProviderName\\\":\\\"DocuSign\\\",\\\"IsEnabled\\\":false}\"", "\"{\\\"ProviderName\\\":\\\"AdobeSign\\\",\\\"IsEnabled\\\":false}\"" ] } ], "SPO_site": [ { "LastContentModifiedDate": "\/Date(1733357138480)\/", "Status": "Active", "ArchiveStatus": "NotArchived", "BonusDiskQuota": 3128, "ResourceUsageCurrent": 0, "ResourceUsageAverage": 0, "StorageUsageCurrent": 1, "LockIssue": null, "WebsCount": 1, "CompatibilityLevel": 15, "DisableSharingForNonOwnersStatus": null, "HubSiteId": "00000000-0000-0000-0000-000000000000", "IsHubSite": false, "RelatedGroupId": "00000000-0000-0000-0000-000000000000", "GroupId": "00000000-0000-0000-0000-000000000000", "Url": "https://tqhjy.sharepoint.com/", "LocaleId": 1033, "LockState": "Unlock", "Owner": "c64580cf-5b99-4c0a-b15b-db035c63e177", "StorageQuota": 26214400, "StorageQuotaWarningLevel": 25574400, "ResourceQuota": 300, "ResourceQuotaWarningLevel": 255, "Template": "SITEPAGEPUBLISHING#0", "Title": "Communication site", "AllowSelfServiceUpgrade": true, "DenyAddAndCustomizePages": 2, "PWAEnabled": 1, "SharingCapability": 0, "SiteDefinedSharingCapability": 2, "SandboxedCodeActivationCapability": 2, "DisableCompanyWideSharingLinks": 2, "DisableAppViews": 2, "DisableFlows": 2, "AuthenticationContextName": null, "StorageQuotaType": null, "RestrictedToGeo": 3, "ShowPeoplePickerSuggestionsForGuestUsers": false, "SharingDomainRestrictionMode": 0, "SharingAllowedDomainList": "", "SharingBlockedDomainList": "", "ConditionalAccessPolicy": 0, "AllowDownloadingNonWebViewableFiles": false, "LimitedAccessFileType": 1, "AllowEditing": true, "SensitivityLabel": null, "CommentsOnSitePagesDisabled": false, "SocialBarOnSitePagesDisabled": false, "DefaultSharingLinkType": 0, "DefaultLinkPermission": 0, "DefaultLinkToExistingAccess": false, "AnonymousLinkExpirationInDays": 30, "OverrideTenantAnonymousLinkExpirationPolicy": true, "ExternalUserExpirationInDays": 0, "OverrideTenantExternalUserExpirationPolicy": false, "SharingLockDownEnabled": false, "SharingLockDownCanBeCleared": true, "InformationSegment": [ ], "InformationBarriersMode": "", "BlockDownloadLinksFileType": 1, "OverrideBlockUserInfoVisibility": 0, "IsTeamsConnected": false, "IsTeamsChannelConnected": false, "TeamsChannelType": 0, "MediaTranscription": 0, "ExcludedBlockDownloadGroupIds": [ ], "ExcludeBlockDownloadPolicySiteOwners": false, "ReadOnlyForBlockDownloadPolicy": false, "ExcludeBlockDownloadSharePointGroups": [ ], "BlockDownloadPolicy": false, "LoopDefaultSharingLinkScope": -1, "LoopDefaultSharingLinkRole": 0, "RequestFilesLinkEnabled": false, "RequestFilesLinkExpirationInDays": -1, "OverrideSharingCapability": false, "DefaultShareLinkScope": -1, "DefaultShareLinkRole": 0, "BlockGuestsAsSiteAdmin": 0, "ReadOnlyForUnmanagedDevices": false, "RestrictedAccessControl": false, "AuthenticationContextLimitedAccess": false, "RestrictedAccessControlGroups": [ ], "ListsShowHeaderAndNavigation": false, "EnableAutoExpirationVersionTrim": null, "ExpireVersionsAfterDays": null, "MajorVersionLimit": null } ], "OneDrive_PnP_Flag": false, "SharePoint_successful_commands": [ "Get-MgBetaOrganization", "Get-SPOTenant", "Get-SPOSite", "Get-PnPTenant", "Get-PnPTenantSite" ], "SharePoint_unsuccessful_commands": [ ], "teams_tenant_info": [ { "AnnouncementsDisabled": null, "AssignedPlan": [ "MCOEV", "Teams_GCC", "MCOProfessional", "MCOMEETADD" ], "City": null, "CompanyPartnership": [ "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.CompanyPartnership" ], "CompanyTags": null, "Country": null, "CountryAbbreviation": null, "DefaultPoolFqdn": null, "DirSyncEnabled": true, "DisplayName": "tqhjy", "LastSyncTimeStamp": "\/Date(1729473077334)\/", "NameRecordingDisabled": null, "Pools": null, "PostalCode": null, "PreferredLanguage": "en", "ProvisionedPlan": [ "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline", "MicrosoftCommunicationsOnline" ], "ServiceInfo": "[]", "ServiceInstance": "MicrosoftCommunicationsOnline/GOV-1B-G6", "ServiceNumberCount": null, "SipDomain": [ "tqhjy.onmicrosoft.com" ], "StateOrProvince": null, "Street": null, "SubscriberNumberCount": null, "SyncInLyncAdInfo": { "IsSyncDisabledAtTenantCreation": null, "IsUserSyncDisabled": null, "IsUserSyncStateChanging": null, "StopSyncRevertCompleteTimestamp": null, "StopSyncRevertTimestamp": null, "StopSyncTimestamp": null }, "TeamsUpgradeEffectiveMode": "TeamsOnly", "TeamsUpgradeNotificationsEnabled": false, "TeamsUpgradeOverridePolicy": "UpgradeToTeams", "TeamsUpgradePolicyIsReadOnly": "ModeAndNotifications", "TenantId": "27ecc021-87f7-4346-9682-b62bf3966808", "TnmAccountId": null, "VerifiedDomains": [ "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain", "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain", "Microsoft.Teams.ConfigAPI.Cmdlets.Generated.Models.TenantVerifiedSipDomain" ], "WhenChanged": null, "WhenCreated": "\/Date(-62135596800000)\/", "LastProvisionTimeStamps": { "TenantSipDomains": "2024-10-08T21:31:31.4706826+00:00", "TenantRegistrarPool": "2024-10-08T21:31:31.5618605+00:00", "ConfigDistributionStatus": "2023-08-16T12:22:12.1434748+00:00" }, "LastPublishTimeStamps": { "ProvisionedPlanPublishAuthoredProps": "2023-08-16T12:21:47.569208+00:00", "ProvisionCpcTenantConfigProcessor": "2023-08-16T12:21:44.5681938+00:00", "PublishProvisionedPlanProcessor": "2022-10-20T21:16:44.2365367+00:00", "UpdateBvdTenantProcessor": "2024-10-08T21:31:37.6116444+00:00" } } ], "meeting_policies": [ { "Identity": "Global", "Description": null, "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompanyExcludingGuests", "AllowCloudRecording": false, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": -1, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "JoinWithAudioOnly", "DetectSensitiveContentDuringScreenSharing": false, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForMeetingJoin": "NotRequired", "UsersCanAdmitFromLobby": "OrganizersAndPresentersOnly", "LobbyChat": "Enabled", "NoiseSuppressionForDialInParticipants": "MicrosoftDefault" }, { "Identity": "Tag:Custom Policy 1", "Description": "Used to test multiple Teams policy baselines", "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": false, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompanyExcludingGuests", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": true, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "JoinWithAudioOnly", "DetectSensitiveContentDuringScreenSharing": false, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForMeetingJoin": "NotRequired", "UsersCanAdmitFromLobby": "OrganizersAndPresentersOnly", "LobbyChat": "Enabled", "NoiseSuppressionForDialInParticipants": "MicrosoftDefault" }, { "Identity": "Tag:AllOn", "Description": "Do not assign. This policy is same as global defaults and would be deprecated", "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForMeetingJoin": "NotRequired", "UsersCanAdmitFromLobby": "OrganizersAndPresentersOnly", "LobbyChat": "Enabled", "NoiseSuppressionForDialInParticipants": "MicrosoftDefault" }, { "Identity": "Tag:RestrictedAnonymousAccess", "Description": "Do not assign. This policy is same as global defaults and would be deprecated", "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "Disabled", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForMeetingJoin": "NotRequired", "UsersCanAdmitFromLobby": "OrganizersAndPresentersOnly", "LobbyChat": "Enabled", "NoiseSuppressionForDialInParticipants": "MicrosoftDefault" }, { "Identity": "Tag:AllOff", "Description": null, "AllowChannelMeetingScheduling": false, "AllowMeetNow": false, "AllowPrivateMeetNow": false, "MeetingChatEnabledType": "Disabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "Disabled", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": false, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": false, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": false, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": false, "AllowPowerPointSharing": false, "AllowParticipantGiveRequestControl": false, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": false, "AllowWhiteboard": false, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "Disabled", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForMeetingJoin": "NotRequired", "UsersCanAdmitFromLobby": "OrganizersAndPresentersOnly", "LobbyChat": "Enabled", "NoiseSuppressionForDialInParticipants": "MicrosoftDefault" }, { "Identity": "Tag:RestrictedAnonymousNoRecording", "Description": "Do not assign. This policy is similar to global defaults and would be deprecated", "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "Disabled", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": false, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForMeetingJoin": "NotRequired", "UsersCanAdmitFromLobby": "OrganizersAndPresentersOnly", "LobbyChat": "Enabled", "NoiseSuppressionForDialInParticipants": "MicrosoftDefault" }, { "Identity": "Tag:Default", "Description": null, "AllowChannelMeetingScheduling": true, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "DisabledUserOverride", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": true, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": true, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": true, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForMeetingJoin": "NotRequired", "UsersCanAdmitFromLobby": "OrganizersAndPresentersOnly", "LobbyChat": "Enabled", "NoiseSuppressionForDialInParticipants": "MicrosoftDefault" }, { "Identity": "Tag:Kiosk", "Description": null, "AllowChannelMeetingScheduling": false, "AllowMeetNow": true, "AllowPrivateMeetNow": true, "MeetingChatEnabledType": "Enabled", "AllowExternalNonTrustedMeetingChat": true, "CopyRestriction": true, "LiveCaptionsEnabledType": "Disabled", "DesignatedPresenterRoleMode": "EveryoneUserOverride", "AllowIPAudio": true, "AllowIPVideo": true, "AllowEngagementReport": "Enabled", "AllowTrackingInReport": "EnabledUserOverride", "IPAudioMode": "EnabledOutgoingIncoming", "IPVideoMode": "EnabledOutgoingIncoming", "AllowAnonymousUsersToDialOut": false, "AllowAnonymousUsersToStartMeeting": false, "AllowAnonymousUsersToJoinMeeting": true, "BlockedAnonymousJoinClientTypes": null, "AllowedStreamingMediaInput": null, "ExplicitRecordingConsent": "Disabled", "AllowLocalRecording": false, "AutoRecording": "Enabled", "ParticipantNameChange": "Disabled", "AllowPrivateMeetingScheduling": false, "AutoAdmittedUsers": "EveryoneInCompany", "AllowCloudRecording": false, "AllowRecordingStorageOutsideRegion": false, "RecordingStorageMode": "OneDriveForBusiness", "AllowOutlookAddIn": false, "AllowPowerPointSharing": true, "AllowParticipantGiveRequestControl": true, "AllowExternalParticipantGiveRequestControl": false, "AllowSharedNotes": true, "AllowWhiteboard": true, "AllowTranscription": false, "AllowNetworkConfigurationSettingsLookup": false, "MediaBitRateKb": 50000, "ScreenSharingMode": "EntireScreen", "VideoFiltersMode": "AllFilters", "AllowPSTNUsersToBypassLobby": false, "AllowOrganizersToOverrideLobbySettings": false, "PreferredMeetingProviderForIslandsMode": "TeamsAndSfb", "AllowNDIStreaming": false, "SpeakerAttributionMode": "EnabledUserOverride", "EnrollUserOverride": "Disabled", "RoomAttributeUserOverride": "Off", "StreamingAttendeeMode": "Disabled", "AttendeeIdentityMasking": "DisabledUserOverride", "AllowBreakoutRooms": true, "TeamsCameraFarEndPTZMode": "Disabled", "AllowMeetingReactions": true, "AllowMeetingRegistration": true, "WhoCanRegister": "Everyone", "AllowScreenContentDigitization": "Enabled", "AllowCarbonSummary": true, "RoomPeopleNameUserOverride": "Off", "AllowMeetingCoach": true, "NewMeetingRecordingExpirationDays": 120, "LiveStreamingMode": "Disabled", "MeetingInviteLanguages": null, "ChannelRecordingDownload": "Allow", "AllowCartCaptionsScheduling": "DisabledUserOverride", "AllowTasksFromTranscript": "Enabled", "InfoShownInReportMode": "FullInformation", "LiveInterpretationEnabledType": "DisabledUserOverride", "QnAEngagementMode": "Enabled", "AllowImmersiveView": true, "AllowAvatarsInGallery": true, "AllowAnnotations": true, "AllowDocumentCollaboration": "Enabled", "AllowWatermarkForScreenSharing": false, "AllowWatermarkForCameraVideo": false, "AllowWatermarkCustomizationForCameraVideo": true, "WatermarkForCameraVideoOpacity": 30, "WatermarkForCameraVideoPattern": "Tiled", "AllowWatermarkCustomizationForScreenSharing": true, "WatermarkForScreenSharingOpacity": 30, "WatermarkForScreenSharingPattern": "Tiled", "WatermarkForAnonymousUsers": "WatermarkWithDisplayName", "DetectSensitiveContentDuringScreenSharing": true, "AudibleRecordingNotification": "PstnOnly", "ConnectToMeetingControls": "Enabled", "Copilot": "EnabledWithTranscript", "AutomaticallyStartCopilot": "Disabled", "VoiceIsolation": "Enabled", "ExternalMeetingJoin": "EnabledForAnyone", "ContentSharingInExternalMeetings": "EnabledForAnyone", "AllowedUsersForMeetingContext": "InvitedUsers", "SmsNotifications": "OnAllowOrganizerOverride", "CaptchaVerificationForMeetingJoin": "NotRequired", "UsersCanAdmitFromLobby": "OrganizersAndPresentersOnly", "LobbyChat": "Enabled", "NoiseSuppressionForDialInParticipants": "MicrosoftDefault" } ], "federation_configuration": [ { "AllowedDomains": { "AllowedDomain": "Domain=domains.r.us" }, "BlockedDomains": [ ], "AllowedTrialTenantDomains": [ ], "AllowFederatedUsers": false, "AllowPublicUsers": false, "AllowTeamsSms": true, "AllowTeamsConsumer": false, "AllowTeamsConsumerInbound": false, "TreatDiscoveredPartnersAsUnverified": false, "SharedSipAddressSpace": false, "RestrictTeamsConsumerToExternalUserProfiles": false, "BlockAllSubdomains": false, "ExternalAccessWithTrialTenants": "Blocked", "CustomizeFederation": false, "DataSource": null, "Key": { "ScopeClass": "Global", "SchemaId": "XName=", "AuthorityId": "Class=Tenant;InstanceId=3c19c757-3b55-411f-b03f-2bcc514a598d;XmlRoot=", "DefaultXml": "SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True", "XmlRoot": "name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey" }, "Identity": "Global", "ConfigMetadata": { "Authority": "Tenant" }, "ConfigId": "Global" } ], "client_configuration": [ { "AllowEmailIntoChannel": false, "RestrictedSenderList": null, "AllowDropBox": true, "AllowBox": true, "AllowGoogleDrive": true, "AllowShareFile": true, "AllowEgnyte": true, "AllowOrganizationTab": true, "AllowSkypeBusinessInterop": true, "ContentPin": "RequiredOutsideScheduleMeeting", "AllowResourceAccountSendMessage": true, "ResourceAccountContentAccess": "NoAccess", "AllowGuestUser": true, "AllowScopedPeopleSearchandAccess": false, "AllowRoleBasedChatPermissions": false, "DataSource": null, "Key": { "ScopeClass": "Global", "SchemaId": "XName=", "AuthorityId": "Class=Tenant;InstanceId=3c19c757-3b55-411f-b03f-2bcc514a598d;XmlRoot=", "DefaultXml": "SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True", "XmlRoot": "name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey" }, "Identity": "Global", "ConfigMetadata": { "Authority": "Tenant" }, "ConfigId": "Global" } ], "app_policies": [ { "Identity": "Global", "DefaultCatalogApps": [ ], "GlobalCatalogApps": [ ], "PrivateCatalogApps": [ ], "Description": null, "DefaultCatalogAppsType": "AllowedAppList", "GlobalCatalogAppsType": "AllowedAppList", "PrivateCatalogAppsType": "AllowedAppList" } ], "broadcast_policies": [ { "Description": null, "AllowBroadcastScheduling": true, "AllowBroadcastTranscription": false, "BroadcastAttendeeVisibilityMode": "EveryoneInCompany", "BroadcastRecordingMode": "UserOverride", "DataSource": null, "Key": { "ScopeClass": "Global", "SchemaId": "XName=", "AuthorityId": "Class=Tenant;InstanceId=3c19c757-3b55-411f-b03f-2bcc514a598d;XmlRoot=", "DefaultXml": "SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True", "XmlRoot": "name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey" }, "Identity": "Global", "ConfigMetadata": { "Authority": "Tenant" }, "ConfigId": "Global" }, { "Description": null, "AllowBroadcastScheduling": true, "AllowBroadcastTranscription": false, "BroadcastAttendeeVisibilityMode": "EveryoneInCompany", "BroadcastRecordingMode": "AlwaysEnabled", "DataSource": "Memory", "Key": { "ScopeClass": "Tag", "SchemaId": "XName=", "AuthorityId": "Class=Host;InstanceId=00000000-0000-0000-0000-000000000000;XmlRoot=", "DefaultXml": "SchemaId=;Data=;ConfigObject=;Signature=00000000-0000-0000-0000-000000000000;IsModified=True", "XmlRoot": "name={urn:schema:Microsoft.Rtc.Management.ScopeFramework.2008}AnchoredXmlKey" }, "Identity": "Tag:Default", "ConfigMetadata": { "Authority": "Host" }, "ConfigId": "nypeLX04KOHQHrU13bs1Ovd3CuWLFqDLO1Togz6l5YA" } ], "teams_successful_commands": [ "Get-CsTenant", "Get-CsTeamsMeetingPolicy", "Get-CsTenantFederationConfiguration", "Get-CsTeamsClientConfiguration", "Get-CsTeamsAppPermissionPolicy", "Get-CsTeamsMeetingBroadcastPolicy" ], "teams_unsuccessful_commands": [ ] } } |